Lucene search
K

11 matches found

NVD
NVD
added 2026/06/26 6:16 p.m.7 views

CVE-2026-47207

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an extproc server sends a single gRPC message containing multiple, specially crafted ProcessingResponse messages. This can occur when the...

6.5CVSS0.00444EPSS
Exploits1References1
Veracode
Veracode
added 2025/04/02 8:55 a.m.12 views

Denial Of Service (DoS)

github.com/envoyproxy/envoy is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of the filter's lifecycle or crash when a local reply is sent to the external server, allows an attacker to trigger a DoS by forcing a failed WebSocket handshake or another scenario...

7.5CVSS6.8AI score0.00406EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2025/03/25 7:10 a.m.11 views

BIT-ENVOY-2025-30157 Envoy crashes when HTTP ext_proc processes local replies

Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's extproc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the failure of a websocket...

7.5CVSS6.5AI score0.00406EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/03/21 3:23 p.m.38 views

Envoy crashes when HTTP ext_proc processes local replies

Summary Envoy's extproc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the fail of a websocket handshake will trigger a local reply leading to the crash of Envoy. PoC If both websocket and extproc are...

7.5CVSS7AI score0.00406EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/03/21 3:23 p.m.11 views

GHSA-CF3Q-GQG7-3FM9 Envoy crashes when HTTP ext_proc processes local replies

Summary Envoy's extproc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the fail of a websocket handshake will trigger a local reply leading to the crash of Envoy. PoC If both websocket and extproc are...

6.5CVSS7AI score0.00406EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/21 2:49 p.m.10 views

CVE-2025-30157 Envoy crashes when HTTP ext_proc processes local replies

Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's extproc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the failure of a websocket...

6.5CVSS6.3AI score0.00406EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/21 2:49 p.m.38 views

CVE-2025-30157 Envoy crashes when HTTP ext_proc processes local replies

Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's extproc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the failure of a websocket...

6.5CVSS0.00406EPSS
Exploits0References2
OSV
OSV
added 2025/03/21 2:49 p.m.12 views

CVE-2025-30157 Envoy crashes when HTTP ext_proc processes local replies

Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's extproc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the failure of a websocket...

6.5CVSS6.2AI score0.00406EPSS
Exploits0References4
CVE
CVE
added 2025/03/21 2:49 p.m.118 views

CVE-2025-30157

CVE-2025-30157 – Envoy ext_proc filter crash (Affects multiple 1.x releases) The issue affects Envoy’s ext_proc HTTP filter. A life-time management flaw can cause Envoy to crash when a local reply is sent to the external server, with a known scenario involving a failed websocket handshake trigger...

7.5CVSS6.3AI score0.00406EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2024/06/14 2:42 a.m.19 views

CVE-2024-34364

A flaw was found in Envoy's extproc and extauthz functions. This flaw allows a remote, unauthenticated attacker to trigger excessive memory consumption, causing a denial of service...

5.7CVSS6.8AI score0.00467EPSS
Exploits1References4
OSV
OSV
added 2024/03/06 10:54 a.m.21 views

BIT-ENVOY-2023-27488 Envoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received.

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when failuremodeallow: true is configured for extauthz filter. For affected components that are used for loggin...

9.8CVSS7.4AI score0.00731EPSS
Exploits1References2
Rows per page
Query Builder