109 matches found
CVE-2023-44487
CVE-2023-44487 – HTTP/2 Rapid Reset DoS. Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...
CVE-2023-35942
CVE-2023-35942 affects Envoy. Prior to fixes, gRPC access loggers using a listener’s global scope can cause a use-after-free crash when the listener is drained. Affected versions: < 1.23.12, < 1.24.10, < 1.25.9, < 1.26.4,
CVE-2023-35945
CVE-2023-35945 affects Envoy’s HTTP/2 codec. The root cause is in nghttp2 cleanup: after RST_STREAM and subsequent GOAWAY, cleanup of pending requests skips deallocation, leaking header/bookkeeping structures and causing memory exhaustion (DoS). Patched in these versions: 1.26.3, 1.25.8, 1.24.9, ...
CVE-2024-23322
Envoy proxy vulnerability set (CVE-2024-23322 and related CVEs 23323–23327). The primary issue (CVE-2024-23322) triggers a crash when hedge_on_per_try_timeout, per_try_idle_timeout, and per-try-timeout are enabled and their timings overlap within the idle backoff interval. The advisories state th...
CVE-2019-18836
CVE-2019-18836 is linked to a DoS in Envoy where a single idle TCP connection can keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used. Connected documents tie this to Istio 1.3.x before 1.3.5 (continue_on_listener_filters_timeout set to True), identifyi...
CVE-2019-18802
CVE-2019-18802 affects Envoy 1.12.0. An untrusted remote client can send an HTTP header (e.g., Host) with trailing whitespace, causing Envoy to treat "header-value " and "header-value" as different strings and potentially bypass Host matchers. The linked records (including openSUSE/SUSE advisories) as...
CVE-2023-27488
Envoy CVE-2023-27488 affects multiple 1.x branches prior to 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9. When an HTTP header with non-UTF-8 data is processed with ext_authz/ext_proc/tap/ratelimit and gRPC log services, Envoy could generate an invalid protobuf message. The receiving service could e...
CVE-2023-27487
CVE-2023-27487 affects Envoy (edge/service proxy). The issue: a client can forge the internal x-envoy-original-path header because Envoy does not remove it early in request processing, allowing forged values to influence trace/grpc logs and jwt_authn URL checks. Impact is high (confidentiality/in...
CVE-2021-43826
CVE-2021-43826 affects Envoy: a crash occurs in affected versions when tunneling TCP over HTTP is used and the downstream connection disconnects while the upstream connection or HTTP/2 stream is still establishing. This is a crash (not a memory corruption) with availability impact; no public expl...
CVE-2023-27493
Envoy (CVE-2023-27493) fails to sanitize or escape certain request properties when constructing headers, allowing characters illegal in header values to be sent upstream. This can cause the upstream service to interpret the request as two pipelined requests, potentially bypassing Envoy’s security...
CVE-2022-21654
CVE-2022-21654 affects Envoy (open‑source edge/service proxy). The issue stems from TLS: session re‑use is possible when cert validation settings have been changed from defaults. The stated workaround is to ensure default TLS settings are used, and users are advised to upgrade for remediation.
CVE-2021-43824
CVE-2021-43824 affects Envoy. In affected versions, a crafted CONNECT request to a JWT filter configured with a regex match can crash Envoy, enabling a denial of service. The root cause is tied to the JWT filter when regex matching is used. Impact is described as a partial availability l...
CVE-2023-27492
CVE-2023-27492 describes a denial-of-service in Envoy’s Lua filter prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, triggered by large request bodies on routes with Lua enabled. The issue arises from the Lua coroutine being invoked even when the filter has been reset, leading to cras...
CVE-2021-43825
CVE-2021-43825 is a vulnerability in Envoy where a buffer overflow during response processing in the filter chain may cause a use-after-free, potentially crashing the process and causing a denial of service. The provided connected documents (OSV, RHSA/Nessus listings) describe the issue as a use-...
CVE-2023-27496
CVE-2023-27496 affects the Envoy proxy. Prior to patch versions (1.26.0, 1.25.3, 1.24.4, 1.23.6, 1.22.9), an OAuth redirect response without the state parameter could cause abnormal termination of the Envoy process when the redirect path is requested. A patch is available in those lines; mitigati...
CVE-2022-21655
CVE-2022-21655 affects Envoy’s common router: if an internal redirect selects a route configured with direct response or redirect actions, it can segfault, causing a denial of service. The available sources confirm this behavior and provide a workaround: disable internal redirects on listeners wh...
CVE-2024-30255
Envoy's HTTP/2 implementation is vulnerable to CPU exhaustion from a flood of CONTINUATION frames in versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8. The vulnerability lets an attacker send unlimited CONTINUATION frames without END_HEADERS, causing high CPU usage and potential denial of serv...
CVE-2022-23606
CVE-2022-23606 affects Envoy. When a cluster is deleted via Cluster Discovery Service (CDS), idle connections to endpoints in that cluster are disconnected. A recursion was introduced in the disconnect procedure, which can lead to stack exhaustion and abnormal process termination when many idle c...
CVE-2023-35943
CVE-2023-35943 affects Envoy’s CORS filter: prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, removing the origin header between decodeHeaders and encodeHeaders can cause a segfault/crash. A fix is available in those branches (upgrade to a version that includes the patch, e.g., 1.27...
CVE-2023-27491
CVE-2023-27491 affects Envoy: a non-compliant HTTP/1 service may allow malformed requests to bypass security policies. The BIT-ENVOY-2023-27491 entry documents that this vulnerability can be triggered in pre‑fix releases and that the issue is fixed in Envoy versions 1.26.0, 1.25.3, 1.24.4, 1.23.6...
CVE-2022-21656
CVE-2022-21656 concerns Envoy. The connected sources describe a type-confusion bug in the default_validator.cc handling of subjectAltNames that can allow rfc822Name or URI names to be treated as domain names, bypassing nameConstraints from OpenSSL/BoringSSL and enabling impersonation of upstream ...
CVE-2021-29492
Envoy versions up to 1.18.2 contain a URL-path decoding flaw: escaped slashes (%2F, %5C) are not decoded, allowing an attacker to craft paths like /something%2F..%2Fadmin to bypass access controls and escalate privileges when RBAC/JWT filters enforce path-based policies. This can let a backend se...
CVE-2022-21657
Envoy CVE-2022-21657: In affected Envoy versions, certificate validation does not restrict peer certificates to those with the correct extendedKeyUsage (serverAuth/clientAuth); an e-mail or other non-authorized EKU certificate may be accepted for TLS, potentially allowing upstream certificates to...
CVE-2021-32777
CVE-2021-32777 affects Envoy’s ext-authz extension, where sending request headers to the external authorization service fails to merge multiple value headers as required by HTTP spec. This can allow specially crafted requests to bypass authorization or escalate privileges when multiple-valued hea...
CVE-2022-29225
CVE-2022-29225 affects Envoy, where decompressors in versions before 1.22.1 accumulate decompressed data and overwrite the body during decode/encode, potentially allowing a zip bomb attack that exhausts memory and causes DoS. The connected sources confirm this behavior and the advised mitigation i...
CVE-2021-32779
CVE-2021-32779 affects Envoy, where a URI with a '#fragment' can be misinterpreted as part of the path. In affected Envoy releases prior to 1.18.0, or 1.18.0+ with path_normalization=false, the fragment may be treated as a path suffix (e.g., /admin#foo) and fail path checks, potentially leaking t...
CVE-2022-29224
CVE-2022-29224: Envoy
CVE-2024-45810
CVE-2024-45810 affects Envoy. The vulnerability is a crash in the HTTP async client when handling sendLocalReply under certain conditions (e.g., websocket upgrade or request mirroring). Root causes described include duplicate status code handling and destructor-order issues in the async stream, l...
CVE-2020-8660
CVE-2020-8660 concerns CNCF Envoy up to version 1.13.0. The TLS inspector could be bypassed when a TLS 1.3 client is used, because TLS extensions such as SNI and ALPN were not inspected, potentially causing connections to be matched to the wrong filter chain and bypassing some security restrictio...
CVE-2020-12605
CVE-2020-12605 affects Envoy up to version 1.14.2 (and 1.13.2, 1.12.4 or earlier per records) with a memory consumption issue when processing HTTP/1.1 headers having long field names or requests with long URLs. Connected documents confirm this CVE alongside related advisories (e.g., openSUSE/SUSE...
CVE-2021-28682
CVE-2021-28682 affects Envoy (through 1.71.1) with a remotely exploitable integer overflow triggered by an extremely large grpc-timeout value that leads to incorrect timeout calculations. The vulnerability details are corroborated across connected sources (BIT-ENVOY-2021-28682, OSV entries) and s...
CVE-2020-12604
CVE-2020-12604 affects Envoy versions prior to 1.16.1. The issue arises when an HTTP/2 client sends a large payload but does not provide enough window updates to consume the stream and does not reset it, leading to increased memory usage. Public documents specify vulnerable versions (1.14.2, 1.13...
CVE-2021-29258
CVE-2021-29258 affects Envoy 1.14.0, causing a remote crash in HTTP2 Metadata triggered by an empty METADATA map → Reachable Assertion. CVSSv3.1 base score 7.5 (HIGH, NETWORK, no user interaction). The connected BIT-ENVOY entry confirms the issue; no exploitation details or fixed-version info are...
CVE-2020-12603
CVE-2020-12603 affects Envoy before 1.16.1, where memory may be consumed excessively when proxying HTTP/2 traffic consisting of many small frames (1 byte). Affected versions are 1.14.2, 1.13.2, 1.12.4 or earlier. The issue is documented across multiple sources (e.g., BIT-envoy-2020-12603 and rela...
CVE-2021-28683
CVE-2021-28683 affects Envoy up to version 1.71.1, with a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received. The connected documents include external security advisories and vendor references confirming the issue, and note patches/advisories...
CVE-2019-15225
CVE-2019-15225 affects Envoy up to 1.11.1 and is linked to a DoS caused by improper input validation when handling long URIs in route matching (via libstdc++ regex). IBM PSIRT notes vulnerable configuration in Managed Istio (Beta) on IBM Cloud Kubernetes Service, with a CVSS base of 5.3 (in IBM b...
CVE-2021-32781
CVE-2021-32781 affects Envoy, an open-source L7 proxy. The vulnerability arises during processing after a locally generated response, where an internal buffer overflow can prevent stopping request/response processing, potentially allowing access to freed memory. Affected Envoy versions include 1.1...
CVE-2025-30157
CVE-2025-30157 – Envoy ext_proc filter crash (affects multiple 1.x releases). The issue affects Envoy’s ext_proc HTTP filter. A lifetime management flaw can cause Envoy to crash when a local reply is sent to the external server, with a known scenario involving a failed websocket handshake trigger...
CVE-2024-45806
CVE-2024-45806 affects Envoy, a cloud-native edge proxy. The vulnerability stems from Envoy’s default handling of internal RFC1918 addresses, which are trusted even if internal_address_config is empty. An external client could exploit this to manipulate headers (e.g., x-envoy headers), potentiall...
CVE-2020-11767
Istio up to 1.5.1 and Envoy up to 1.14.1 are affected by a data-leak vulnerability where a TCP connection negotiated with SNI over HTTPS to *.example.com can cause a domain-specific request (e.g., abc.example.com) to be sent via a connection reused by a forward proxy to the *.example.com host. Th...
CVE-2020-8663
CVE-2020-8663 affects Envoy prior to 1.16.1. The connected BIT-envoy entry confirms the issue: versions 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections. The impact described is resource exhaustion (file descriptors and memory) which...
CVE-2024-23324
Envoy CVE-2024-23324: External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to ext_authz, bypassing ext_authz checks when failure_mode_allow is true. Affects Envoy’s ext_authz handling; impact is limited to bypass of authorization fo...
CVE-2021-21378
Summary of CVE-2021-21378 (Envoy): In Envoy 1.17.0, the JWT Authentication filter can bypass authentication when configured with the allowed-missing option under requires_any, due to a faulty handling of an unknown issuer. A JwtUnknownIssuer error was mistakenly converted to JwtMissed, causing a ...
CVE-2024-27919
Envoy CVE-2024-27919 affects the HTTP/2 stack in versions 1.29.0 and 1.29.1, where unlimited memory growth can be triggered by a flood of CONTINUATION frames, leading to DoS. A fix is available in version 1.29.2; as workarounds, downgrade to 1.28.1 or earlier or disable HTTP/2 for downstream conn...
CVE-2024-32475
CVE-2024-32475 affects Envoy when an upstream TLS cluster uses auto_sni and a host/:authority header longer than 255 characters is used as SNI. The vulnerability is triggered by attempting to set SNI to a value exceeding the 255-char limit, causing Envoy to abort abnormally instead of handling th...
CVE-2021-32780
CVE-2021-32780 affects Envoy. A sequence of HTTP/2 GOAWAY followed by SETTINGS (SETTINGS_MAX_CONCURRENT_STREAMS=0) frames can trigger an invalid state transition from CLOSED to DRAINING, causing abnormal termination and DoS in the presence of untrusted upstream servers. Affected Envoy versions in...
CVE-2022-29228
CVE-2022-29228 affects Envoy’s OAuth filter: in versions prior to 1.22.1, after emitting a local response the filter may call continueDecoding, triggering an assertion in newer builds and memory corruption in older ones. The issue arises from continuing the filter chain after a local reply has be...
CVE-2022-29227
Envoy has a use-after-free in versions before 1.22.1 triggered when replaying an HTTP request with an internal redirect that contains more than the HTTP headers; if a local reply is emitted while redirect headers are processed and the downstream state marks the stream incomplete, Envoy attempts t...
CVE-2021-32778
CVE-2021-32778 affects Envoy, where the HTTP/2 stream reset procedure has O(N^2) time complexity, causing high CPU and potential DoS when many streams are opened and closed. Connected advisories indicate fixes in Envoy versions 1.16.5, 1.17.4, 1.18.4, and 1.19.1, addressing the inefficiency. Othe...
CVE-2022-29226
Envoy proxy vulnerability CVE-2022-29226 affects the OAuth filter prior to v1.22.1, where there is no token validation in the filter, causing access to be granted when any access token is present. A fix is to upgrade Envoy to a version that includes proper access-token validation (v1.22.1 or late...