5 matches found
BIT-ENVOY-2022-21656 X.509 subjectAltName matching bypass in Envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. The defaultvalidator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Na...
GHSA-J34V-3552-5R7J Multiple security issues in Pomerium's embedded envoy
Envoy, which Pomerium is based on, has issued multiple CVEs impacting stability and security. Though Pomerium may not be vulnerable to all of the issues, it is recommended that all users upgrade to Pomerium v0.16.4 as soon as possible to minimize risk. Impact - Possible DoS or crash - Resources...
Multiple security issues in Pomerium's embedded envoy
Envoy, which Pomerium is based on, has issued multiple CVEs impacting stability and security. Though Pomerium may not be vulnerable to all of the issues, it is recommended that all users upgrade to Pomerium v0.16.4 as soon as possible to minimize risk. Impact - Possible DoS or crash - Resources...
Type confusion
Envoy is an open source edge and service proxy, designed for cloud-native applications. The defaultvalidator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Na...
PT-2022-15011 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy, affected versions not specified. Description: The issue is related to a "type confusion" bug in the default certificate validation routines when processing subjectAltNames. This allows, for example, an rfc822Name or...