CVE-2021-28682
A flaw was found in envoyproxy/envoy. An attacker, able to craft a packet which specifies a large grpc-timeout, can potentially cause envoy to incorrectly calculate the timeouts resulting in a denial of service. The highest threat from this vulnerability is to system availability...
CVE-2021-28683
A NULL pointer dereference vulnerability was found in envoyproxy/envoy. This flaw allows an attacker to establish a TLS session that sends an invalid TLS alert code, causing a NULL pointer exception to occur that crashes the application, resulting in a denial of service. The highest threat from this...
CVE-2021-21378
An authentication bypass vulnerability was found in envoyproxy/envoy. When specifying a JSON Web Token (JWT) authentication filter, if allow_missing is also used, this flaw allows an attacker to craft a request with a JWT token with an incorrect issuer, bypassing the filter. The highest threat from...
RHEL 8 : Red Hat OpenShift Service Mesh 1.1 servicemesh-proxy (RHSA-2020:4129)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:4129 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift...
envoy:symbol_table_fuzz_test: Stack-buffer-overflow in Envoy::Stats::Fuzz::EnvoyTestOneInput
Project: https://github.com/envoyproxy/envoy.git Detailed Report: https://oss-fuzz.com/testcase?key=5645970620809216 Project: envoy Fuzzing Engine: libFuzzer Fuzz Target: symbol_table_fuzz_test Job Type: libfuzzer_asan_envoy Platform Id: linux Crash Type: Stack-buffer-overflow READ 1 Crash Address:...
envoy/h1_capture_fuzz_test: NULL
Project: https://github.com/envoyproxy/envoy.git Detailed report: https://oss-fuzz.com/testcase?key=6306973401219072 Project: envoy Fuzzer: libFuzzer_envoy_h1_capture_fuzz_test Fuzz target binary: h1_capture_fuzz_test Job Type: libfuzzer_ubsan_envoy Platform Id: linux Crash Type: UNKNOWN READ Crash Address...