EUVD-2021-19544

Malware in sbrugna...

CVE-2021-39162

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted upstream servers. 0.15.1 contains an upgraded envoy binary...

CVE-2021-32780

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to...

CVE-2021-32780

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to...

Code injection

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to...

CVE-2021-32780 Incorrect handling of H/2 GOAWAY followed by SETTINGS frames

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to...

CVE-2021-32780

CVE-2021-32780 affects Envoy. A sequence of HTTP/2 GOAWAY followed by SETTINGS (SETTINGS_MAX_CONCURRENT_STREAMS=0) frames can trigger an invalid state transition from CLOSED to DRAINING, causing abnormal termination and DoS in the presence of untrusted upstream servers. Affected Envoy versions in...