EUVD-2026-10804

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, a logic vulnerability in Envoy's HTTP connection manager FilterManager that allows for Zombie Stream Filter Execution. This issue creates a "Use-After-Free" UAF or state-corruption window where...

Envoy 资源管理错误漏洞

Envoy is an open-source gateway program developed by Enphase for connecting smart home devices. Versions of Envoy prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13 contain a resource management vulnerability. This vulnerability stems from logical flaws in the HTTP connection manager, which may lead to...

PT-2024-25820 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy affected versions not specified Description: The issue is related to a use-after-free in HttpConnectionManager HCM with EnvoyQuicServerStream, which can cause Envoy to crash. An attacker can exploit this by sending a request without FIN...