CVE-2022-29227 Use after free in Envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request Envoy sends a local...

PT-2022-19478 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.22.1 Description: The issue is related to a lifetime bug that can be triggered when Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers. If Envoy sends a local reply wh...