149 matches found
sshpiper Data Forgery Issue Vulnerability
sshpiper is a reverse proxy for sshd by Boshi Lian Personal Developers. A data forgery vulnerability exists in sshpiper 1.0.50 and earlier versions. It stems from the way the proxy protocol listener is implemented, which may allow an attacker to forge their connection address...
PT-2024-26357 · Sshpiper · Sshpiper
Name of the Vulnerable Software and Affected Versions: sshpiper versions 1.0.50 through 1.2.x. Description: The way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. This means that any connection that sshpiper is directly or indirectly...
BIT-ENVOY-2020-35470
Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters)...
BIT-ENVOY-2024-23325 Envoy crashes when using an address type that isn’t supported by the OS
Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the...
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-543)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-543 advisory. Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1...
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-034)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.27.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-034 advisory. Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happ...
Important: ecs-service-connect-agent
Issue Overview: Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3...
CVE-2024-23324
A flaw was found in the Envoy proxy. External authentication can be bypassed by downstream connections that use the PROXY protocol. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true...
CVE-2024-23325
A flaw was found in Envoy. The Envoy proxy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even...
Denial Of Service (DoS)
github.com/envoyproxy/envoy is vulnerable to Denial of Service (DoS). The vulnerability is due to instances with Proxy Protocol version 2 (PPv2) enabled on both a listener and a subsequent cluster. When the downstream request has a command type of LOCAL and lacks the protocol block, attempting to...
Denial Of Service (DoS)
github.com/envoyproxy/envoy is vulnerable to Denial of Service (DoS). The vulnerability is due to missing checks to determine if an address type is supported by the OS. An attacker can send a request using an IPv6 address to a host with IPv6 disabled and a listener config with proxy protocol enabled...
Design/Logic Flaw
Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the...
CVE-2024-23324 Envoy ext auth can be bypassed when Proxy protocol filter sets invalid UTF-8 metadata
Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in...
CVE-2024-23325
CVE-2024-23325 concerns Envoy, a high‑performance proxy. The issue causes a crash in the Proxy protocol when an address type unsupported by the OS is observed; specifically, IPv6‑presented clients on hosts with IPv6 disabled and a listener with proxy protocol enabled can trigger a crash. The advi...
CVE-2024-23325 Envoy crashes when using an address type that isn’t supported by the OS
Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the...
CVE-2024-23327 Crash in proxy protocol when command type of LOCAL in Envoy
Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the...
PT-2024-2769
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.26.7; Envoy versions prior to 1.27.3; Envoy versions prior to 1.28.1; Envoy versions prior to 1.29.1. Description: The issue is related to Envoy crashing in Proxy protocol when using an address type that isn’t supported by...
Envoy Security Vulnerabilities
Envoy is an open source distributed proxy server. A security vulnerability exists in Envoy versions prior to 1.29.1, which stems from a downstream connection using the PROXY protocol that can bypass external authentication...