91 matches found
CVE-2024-34364 Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response
Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory OOM vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer...
PT-2024-26387 · Dapr · Dapr
Name of the Vulnerable Software and Affected Versions: Dapr versions prior to 1.13.3 Description: Dapr sends the app token of the invoker app instead of the app token of the invoked app when using Dapr as a gRPC proxy for remote service invocation, causing a leak of the application token of the...
BIT-ENVOY-2024-32475 Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes
Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with autosni enabled, a request containing a host/:authority header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when settin...
BIT-ENVOY-2021-43825 Use-after-free in Envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered dat...
BIT-ENVOY-2022-21656 X.509 subjectAltName matching bypass in Envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. The defaultvalidator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Na...
BIT-ENVOY-2022-21657 X.509 Extended Key Usage and Trust Purposes bypass in Envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage...
BIT-ENVOY-2023-27491 Envoy forwards invalid Http2/Http3 downstream headers
Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed request...
BIT-ENVOY-2023-35942 Envoy's gRPC access log crash caused by the listener draining
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a use-after-free crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9,...
BIT-ENVOY-2024-23327 Crash in proxy protocol when command type of LOCAL in Envoy
Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the...
CVE-2023-36802
Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability...
Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
...
VulnCheck KEV: CVE-2023-36802
Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation...
PT-2023-4987
Name of the Vulnerable Software and Affected Versions Microsoft Streaming Service Proxy affected versions not specified Description An elevation-of-privilege issue exists in the Microsoft Streaming Service Proxy for Windows operating systems. The flaw is caused by a memory buffer overflow, which...
CVE-2023-36802
Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
Oracle Linux 8 : istio (ELSA-2023-12780)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12780 advisory. - Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. olcne - CVE-2023-35941 - CVE-2023-35942 - CVE-2023-35943 Tenable has...
Design/Logic Flaw
Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, this can lead to the rejection of requests wit...
CVE-2023-27493
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal in header values ...
Design/Logic Flaw
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a state query param is present on any response that looks like an OAuth redirect response. Sending it a request with t...
CVE-2023-27496 Envoy may crash when a redirect url without a state param is received in the oauth filter
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a state query param is present on any response that looks like an OAuth redirect response. Sending it a request with t...
CVE-2023-27491
CVE-2023-27491 affects Envoy: a non-compliant HTTP/1 service may allow malformed requests to bypass security policies. The BIT-ENVOY-2023-27491 entry documents that this vulnerability can be triggered in pre‑fix releases and that the issue is fixed in Envoy versions 1.26.0, 1.25.3, 1.24.4, 1.23.6...