CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

Github Security Blog•added 2025/12/05 6:12 p.m.•7 views

Envoy forwards early CONNECT data in TCP proxy mode

Summary Forwarding of early CONNECT data in TCP proxy mode. Details Per RFC 7231-4.3.6 the sender of CONNECT and all inbound proxies switch to tunnel mode only after receiving 2xx response. However in TCP proxy mode, Envoy accepts client data before it has issued a 2xx response and eagerly proxie...

5.3CVSS6.6AI score0.00002EPSS

Exploits0References3Affected Software1

OSV•added 2025/12/05 6:12 p.m.•2 views

GHSA-RJ35-4M94-77JH Envoy forwards early CONNECT data in TCP proxy mode

3.7CVSS6.5AI score0.00002EPSS

Exploits0References3

NVD•added 2025/12/03 6:15 p.m.•4 views

CVE-2025-64763

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP proxy mode to handle CONNECT requests, it accepts client data before issuing a 2xx response and forwards that data to the upstream TCP connection. If a forwardi...

5.3CVSS0.00002EPSS

Exploits0References1

CVE•added 2025/12/03 6:13 p.m.•11 views

CVE-2025-64763

Envoy CVE-2025-64763 relates to a de-synchronization risk in TCP proxy mode where Envoy may accept client data for CONNECT requests before sending a 2xx response, and then forward that data to the upstream connection. If the upstream proxy returns a non‑2xx status, the CONNECT tunnel state can be...

5.3CVSS6.4AI score0.00002EPSS

Exploits0References1Affected Software1