Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2025-052)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.12.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-052 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and...

CVE-2024-53271 HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to...

EulerOS 2.0 SP9 : nghttp2 (EulerOS-SA-2023-3346)

According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and bookkeeping structures upon...

OSV-2019-1 ASSERT: bufferRemainingSize() >= length.

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18431 Crash type: ASSERT Crash state: bufferRemainingSize = length. Envoy::Http::Http1::ConnectionImpl::copyToBuffer Envoy::Http::Http1::RequestStreamEncoderImpl::encodeHeaders...