Envoyproxy Envoy

109 matches found

added 2023/10/10 12:0 a.m., 5290 views

CVE-2023-44487

CVE-2023-44487 – HTTP/2 Rapid Reset DoS. Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...

CVSS 7.5, AI score 8, EPSS 0.99999
In wild, Web

added 2023/07/25 6:24 p.m., 2540 views

CVE-2023-35942

CVE-2023-35942 affects Envoy. Prior to fixes, gRPC access loggers using a listener’s global scope can cause a use-after-free crash when the listener is drained. Affected versions: < 1.23.12, < 1.24.10, < 1.25.9, < 1.26.4,

CVSS 6.5, AI score 7.8, EPSS 0.00735

added 2023/07/13 8:41 p.m., 271 views

CVE-2023-35945

CVE-2023-35945 affects Envoy’s HTTP/2 codec. The root cause is in nghttp2 cleanup: after RST_STREAM and subsequent GOAWAY, cleanup of pending requests skips deallocation, leaking header/bookkeeping structures and causing memory exhaustion (DoS). Patched in these versions: 1.26.3, 1.25.8, 1.24.9, ...

CVSS 7.5, AI score 7.4, EPSS 0.01106

added 2024/02/09 10:51 p.m., 231 views

CVE-2024-23322

Envoy proxy vulnerability set (CVE-2024-23322 and related CVEs 23323–23327). The primary issue (CVE-2024-23322) triggers a crash when hedge_on_per_try_timeout, per_try_idle_timeout, and per-try-timeout are enabled and their timings overlap within the idle backoff interval. The advisories state th...

CVSS 7.5, AI score 7.3, EPSS 0.00679

added 2019/11/11 12:17 a.m., 193 views

CVE-2019-18836

CVE-2019-18836 is linked to a DoS in Envoy where a single idle TCP connection can keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used. Connected documents tie this to Istio 1.3.x before 1.3.5 (continue_on_listener_filters_timeout set to True), identifyi...

CVSS 7.5, AI score 7.2, EPSS 0.01938

added 2019/12/13 12:21 p.m., 188 views

CVE-2019-18802

CVE-2019-18802 affects Envoy 1.12.0. An untrusted remote client can send an HTTP header (e.g., Host) with trailing whitespace, causing Envoy to treat "header-value " and "header-value" as different strings and potentially bypass Host matchers. The linked records (including openSUSE/SUSE advisories) as...

CVSS 9.8, AI score 9.2, EPSS 0.02457

added 2023/04/04 5:57 p.m., 187 views

CVE-2023-27488

Envoy CVE-2023-27488 affects multiple 1.x branches prior to 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9. When an HTTP header with non-UTF-8 data is processed with ext_authz/ext_proc/tap/ratelimit and gRPC log services, Envoy could generate an invalid protobuf message. The receiving service could e...

CVSS 9.8, AI score 7.5, EPSS 0.00731

added 2023/04/04 3:42 p.m., 177 views

CVE-2023-27487

CVE-2023-27487 affects Envoy (edge/service proxy). The issue: a client can forge the internal x-envoy-original-path header because Envoy does not remove it early in request processing, allowing forged values to influence trace/grpc logs and jwt_authn URL checks. Impact is high (confidentiality/in...

CVSS 9.1, AI score 8.7, EPSS 0.00636

added 2022/02/22 10:45 p.m., 170 views

CVE-2021-43826

CVE-2021-43826 affects Envoy: a crash occurs in affected versions when tunneling TCP over HTTP is used and the downstream connection disconnects while the upstream connection or HTTP/2 stream is still establishing. This is a crash (not a memory corruption) with availability impact; no public expl...

CVSS 7.5, AI score 7.5, EPSS 0.01046

added 2023/04/04 7:46 p.m., 170 views

CVE-2023-27493

Envoy (CVE-2023-27493) fails to sanitize or escape certain request properties when constructing headers, allowing characters illegal in header values to be sent upstream. This can cause the upstream service to interpret the request as two pipelined requests, potentially bypassing Envoy’s security...

CVSS 9.1, AI score 8.7, EPSS 0.00507

added 2022/02/22 10:35 p.m., 168 views

CVE-2022-21654

CVE-2022-21654 affects Envoy (open‑source edge/service proxy). The issue stems from TLS: session re‑use is possible when cert validation settings have been changed from defaults. The stated workaround is to ensure default TLS settings are used, and users are advised to upgrade for remediation.

CVSS 9.8, AI score 8.3, EPSS 0.01061

added 2022/02/22 10:15 p.m., 167 views

CVE-2021-43824

CVE-2021-43824 affects Envoy. In affected versions, a crafted request with a CONNECT to the JWT filter configured with a regex match can crash Envoy, enabling a denial-of-service. The root cause is tied to the JWT filter when regex matching is used. Impact is described as a partial availability l...

CVSS 7.5, AI score 7.2, EPSS 0.01046

added 2023/04/04 6:34 p.m., 165 views

CVE-2023-27492

CVE-2023-27492 describes a denial-of-service in Envoy’s Lua filter prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, triggered by large request bodies on routes with Lua enabled. The issue arises from the Lua coroutine being invoked even when the filter has been reset, leading to cras...

CVSS 6.5, AI score 6.6, EPSS 0.00686

added 2022/02/22 10:45 p.m., 164 views

CVE-2021-43825

CVE-2021-43825 is a vulnerability in Envoy where a buffer overflow during response processing in the filter chain may cause a use-after-free, potentially crashing the process and causing a denial of service. The provided connected documents (OSV, RHSA/Nessus listings) describe the issue as a use-...

CVSS 7.5, AI score 6.8, EPSS 0.00864

added 2023/04/04 7:48 p.m., 164 views

CVE-2023-27496

CVE-2023-27496 affects the Envoy proxy. Prior to patch versions (1.26.0, 1.25.3, 1.24.4, 1.23.6, 1.22.9), an OAuth redirect response without the state parameter could cause abnormal termination of the Envoy process when the redirect path is requested. A patch is available in those lines; mitigati...

CVSS 7.5, AI score 7.6, EPSS 0.00758

added 2022/02/22 10:40 p.m., 161 views

CVE-2022-21655

CVE-2022-21655 affects Envoy’s common router: if an internal redirect selects a route configured with direct response or redirect actions, it can segfault, causing a denial of service. The available sources confirm this behavior and provide a workaround: disable internal redirects on listeners wh...

CVSS 7.5, AI score 7.4, EPSS 0.01127

added 2024/04/04 7:41 p.m., 159 views

CVE-2024-30255

Envoy's HTTP/2 implementation is vulnerable to CPU exhaustion from a flood of CONTINUATION frames in versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8. The vulnerability lets an attacker send unlimited CONTINUATION frames without END_HEADERS, causing high CPU usage and potential denial of serv...

CVSS 7.5, AI score 5.5, EPSS 0.8781

added 2022/02/22 10:20 p.m., 157 views

CVE-2022-23606

CVE-2022-23606 affects Envoy. When a cluster is deleted via Cluster Discovery Service (CDS), idle connections to endpoints in that cluster are disconnected. A recursion was introduced in the disconnect procedure, which can lead to stack exhaustion and abnormal process termination when many idle c...

CVSS 6.5, AI score 5.5, EPSS 0.01

added 2023/07/25 6:26 p.m., 157 views

CVE-2023-35943

CVE-2023-35943 affects Envoy’s CORS filter: prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, removing the origin header between decodeHeaders and encodeHeaders can cause a segfault/crash. A fix is available in those branches (upgrade to a version that includes the patch, e.g., 1.27...

CVSS 7.5, AI score 7.6, EPSS 0.00584

added 2023/04/04 6:18 p.m., 156 views

CVE-2023-27491

CVE-2023-27491 affects Envoy: a non-compliant HTTP/1 service may allow malformed requests to bypass security policies. The BIT-ENVOY-2023-27491 entry documents that this vulnerability can be triggered in pre‑fix releases and that the issue is fixed in Envoy versions 1.26.0, 1.25.3, 1.24.4, 1.23.6...

CVSS 9.1, AI score 6.9, EPSS 0.00869

added 2022/02/22 10:25 p.m., 148 views

CVE-2022-21656

CVE-2022-21656 concerns Envoy. The connected sources describe a type-confusion bug in the default_validator.cc handling of subjectAltNames that can allow rfc822Name or URI names to be treated as domain names, bypassing nameConstraints from OpenSSL/BoringSSL and enabling impersonation of upstream ...

CVSS 7.4, AI score 6, EPSS 0.00768

added 2021/05/28 9:0 p.m., 145 views

CVE-2021-29492

Envoy versions up to 1.18.2 contain a URL-path decoding flaw: escaped slashes (%2F, %5C) are not decoded, allowing an attacker to craft paths like /something%2F..%2Fadmin to bypass access controls and escalate privileges when RBAC/JWT filters enforce path-based policies. This can let a backend se...

CVSS 8.3, AI score 8, EPSS 0.68383

added 2022/02/22 10:30 p.m., 139 views

CVE-2022-21657

Envoy CVE-2022-21657: In affected Envoy versions, certificate validation does not restrict peer certificates to those with the correct extendedKeyUsage (serverAuth/clientAuth); an e-mail or other non-authorized EKU certificate may be accepted for TLS, potentially allowing upstream certificates to...

CVSS 6.8, AI score 6.6, EPSS 0.00509

added 2021/08/24 8:25 p.m., 138 views

CVE-2021-32777

CVE-2021-32777 affects Envoy’s ext-authz extension, where sending request headers to the external authorization service fails to merge multiple value headers as required by HTTP spec. This can allow specially crafted requests to bypass authorization or escalate privileges when multiple-valued hea...

CVSS 8.6, AI score 8.5, EPSS 0.03325

added 2021/08/24 8:45 p.m., 135 views

CVE-2021-32779

CVE-2021-32779 affects Envoy, where a URI with a '#fragment' can be misinterpreted as part of the path. In affected Envoy releases prior to 1.18.0, or 1.18.0+ with path_normalization=false, the fragment may be treated as a path suffix (e.g., /admin#foo) and fail path checks, potentially leaking t...

CVSS 8.6, AI score 8.5, EPSS 0.00948
Web

added 2022/06/09 7:15 p.m., 135 views

CVE-2022-29225

CVE-2022-29225 affects Envoy where decompressors in versions before 1.22.1 accumulate decompressed data and overwrite the body during decode/encode, potentially allowing a zip bomb attack that exhausts memory and causes DoS. The connected sources confirm this behavior and the advised mitigation i...

CVSS 7.5, AI score 8.3, EPSS 0.0144

added 2022/06/09 7:10 p.m., 128 views

CVE-2022-29224

CVE-2022-29224: Envoy

CVSS 5.9, AI score 7.2, EPSS 0.00948

added 2024/09/19 11:34 p.m., 127 views

CVE-2024-45810

CVE-2024-45810 affects Envoy. The vulnerability is a crash in the HTTP async client when handling sendLocalReply under certain conditions (e.g., websocket upgrade or request mirroring). Root causes described include duplicate status code handling and destructor-order issues in the async stream, l...

CVSS 7.5, AI score 7, EPSS 0.00637

added 2020/03/04 9:10 p.m., 126 views

CVE-2020-8660

CVE-2020-8660 concerns CNCF Envoy up to version 1.13.0. The TLS inspector could be bypassed when a TLS 1.3 client is used, because TLS extensions such as SNI and ALPN were not inspected, potentially causing connections to be matched to the wrong filter chain and bypassing some security restrictio...

CVSS 5.3, AI score 5.6, EPSS 0.00606

added 2020/07/01 2:33 p.m., 122 views

CVE-2020-12605

CVE-2020-12605 affects Envoy up to version 1.14.2 (and 1.13.2, 1.12.4 or earlier per records) with a memory consumption issue when processing HTTP/1.1 headers having long field names or requests with long URLs. Connected documents confirm this CVE alongside related advisories (e.g., openSUSE/SUSE...

CVSS 7.5, AI score 7.4, EPSS 0.01448

added 2021/05/20 4:15 p.m., 120 views

CVE-2021-28682

CVE-2021-28682 affects Envoy (through 1.71.1) with a remotely exploitable integer overflow triggered by an extremely large grpc-timeout value that leads to incorrect timeout calculations. The vulnerability details are corroborated across connected sources (BIT-ENVOY-2021-28682, OSV entries) and s...

CVSS 7.5, AI score 7.5, EPSS 0.0204

added 2021/05/20 4:40 p.m., 120 views

CVE-2021-29258

CVE-2021-29258 affects Envoy 1.14.0, causing a remote crash in HTTP2 Metadata triggered by an empty METADATA map → Reachable Assertion. CVSSv3.1 base score 7.5 (HIGH, NETWORK, no user interaction). The connected BIT-ENVOY entry confirms the issue; no exploitation details or fixed-version info are...

CVSS 7.5, AI score 7.4, EPSS 0.01738

added 2020/07/01 2:24 p.m., 119 views

CVE-2020-12604

CVE-2020-12604 affects Envoy versions prior to 1.16.1. The issue arises when an HTTP/2 client sends a large payload but does not provide enough window updates to consume the stream and does not reset it, leading to increased memory usage. Public documents specify vulnerable versions (1.14.2, 1.13...

CVSS 7.5, AI score 7.3, EPSS 0.01703

added 2020/07/01 1:53 p.m., 118 views

CVE-2020-12603

CVE-2020-12603 affects Envoy before 1.16.1, where memory may be consumed excessively when proxying HTTP/2 traffic consisting of many small frames (1 byte). Affected versions are 1.14.2, 1.13.2, 1.12.4 or earlier. The issue is documented across multiple sources (e.g., BIT-envoy-2020-12603 and rela...

CVSS 7.5, AI score 7.4, EPSS 0.01448

added 2021/05/20 4:34 p.m., 118 views

CVE-2021-28683

CVE-2021-28683 affects Envoy up to version 1.71.1, with a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received. The connected documents include external security advisories and vendor references confirming the issue, and note patches/advisories...

CVSS 7.5, AI score 7.4, EPSS 0.01686

added 2019/08/19 10:57 p.m., 117 views

CVE-2019-15225

CVE-2019-15225 affects Envoy up to 1.11.1 and is linked to a DoS caused by improper input validation when handling long URIs in route matching (via libstdc++ regex). IBM PSIRT notes vulnerable configuration in Managed Istio (Beta) on IBM Cloud Kubernetes Service, with a CVSS base of 5.3 (in IBM b...

CVSS 7.5, AI score 7.3, EPSS 0.03417

added 2021/08/24 8:50 p.m., 117 views

CVE-2021-32781

CVE-2021-32781 affects Envoy, an open-source L7 proxy. The vulnerability arises during processing after a locally generated response, where an internal buffer overflow can prevent stopping request/response processing, potentially allowing access to freed memory. Affected Envoy versions include 1.1...

CVSS 8.6, AI score 7.8, EPSS 0.0133

added 2025/03/21 2:49 p.m., 116 views

CVE-2025-30157

CVE-2025-30157 – Envoy ext_proc filter crash (affects multiple 1.x releases). The issue affects Envoy’s ext_proc HTTP filter. A lifetime management flaw can cause Envoy to crash when a local reply is sent to the external server, with a known scenario involving a failed websocket handshake trigger...

CVSS 7.5, AI score 6.3, EPSS 0.00406

added 2024/09/19 11:34 p.m., 114 views

CVE-2024-45806

CVE-2024-45806 affects Envoy, a cloud-native edge proxy. The vulnerability stems from Envoy’s default handling of internal RFC1918 addresses, which are trusted even if internal_address_config is empty. An external client could exploit this to manipulate headers (e.g., x-envoy headers), potentiall...

CVSS 6.5, AI score 6.8, EPSS 0.00378

added 2020/04/15 1:5 a.m., 112 views

CVE-2020-11767

Istio up to 1.5.1 and Envoy up to 1.14.1 are affected by a data-leak vulnerability where a TCP connection negotiated with SNI over HTTPS to *.example.com can cause a domain-specific request (e.g., abc.example.com) to be sent via a connection reused by a forward proxy to the *.example.com host. Th...

CVSS 3.1, AI score 3.9, EPSS 0.01774

added 2020/07/01 2:19 p.m., 112 views

CVE-2020-8663

CVE-2020-8663 affects Envoy prior to 1.16.1. The connected BIT-envoy entry confirms the issue: versions 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections. The impact described is resource exhaustion (file descriptors and memory) which...

CVSS 7.5, AI score 7.4, EPSS 0.01475

added 2024/02/09 10:48 p.m., 110 views

CVE-2024-23324

Envoy CVE-2024-23324: External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to ext_authz, bypassing ext_authz checks when failure_mode_allow is true. Affects Envoy’s ext_authz handling; impact is limited to bypass of authorization fo...

CVSS 8.6, AI score 7.4, EPSS 0.006

added 2021/03/11 2:40 a.m., 108 views

CVE-2021-21378

Summary of CVE-2021-21378 (Envoy): In Envoy 1.17.0, the JWT Authentication filter can bypass authentication when configured with the allowed-missing option under requires_any, due to a faulty handling of an unknown issuer. A JwtUnknownIssuer error was mistakenly converted to JwtMissed, causing a ...

CVSS 8.2, AI score 8.2, EPSS 0.0171

added 2024/04/04 2:30 p.m., 108 views

CVE-2024-27919

Envoy CVE-2024-27919 affects the HTTP/2 stack in versions 1.29.0 and 1.29.1, where unlimited memory growth can be triggered by a flood of CONTINUATION frames, leading to DoS. A fix is available in version 1.29.2; as workarounds, downgrade to 1.28.1 or earlier or disable HTTP/2 for downstream conn...

CVSS 7.5, AI score 7.4, EPSS 0.86746

added 2024/04/18 2:18 p.m., 108 views

CVE-2024-32475

CVE-2024-32475 affects Envoy when an upstream TLS cluster uses auto_sni and a host/:authority header longer than 255 characters is used as SNI. The vulnerability is triggered by attempting to set SNI to a value exceeding the 255-char limit, causing Envoy to abort abnormally instead of handling th...

CVSS 7.5, AI score 6.5, EPSS 0.00679

added 2021/08/24 8:55 p.m., 107 views

CVE-2021-32780

CVE-2021-32780 affects Envoy. A sequence of HTTP/2 GOAWAY followed by SETTINGS (SETTINGS_MAX_CONCURRENT_STREAMS=0) frames can trigger an invalid state transition from CLOSED to DRAINING, causing abnormal termination and DoS in the presence of untrusted upstream servers. Affected Envoy versions in...

CVSS 8.6, AI score 7.8, EPSS 0.0123

added 2022/06/09 7:30 p.m., 107 views

CVE-2022-29227

Envoy has a use-after-free in versions before 1.22.1 triggered when replaying an HTTP request with an internal redirect that contains more than the HTTP headers; if a local reply is emitted while redirect headers are processed and the downstream state marks the stream incomplete, Envoy attempts t...

CVSS 7.5, AI score 8.3, EPSS 0.01141

added 2022/06/09 7:20 p.m., 107 views

CVE-2022-29228

CVE-2022-29228 affects Envoy’s OAuth filter: in versions prior to 1.22.1, after emitting a local response the filter may call continueDecoding, triggering an assertion in newer builds and memory corruption in older ones. The issue arises from continuing the filter chain after a local reply has be...

CVSS 7.5, AI score 8.3, EPSS 0.01173

added 2021/08/24 8:30 p.m., 105 views

CVE-2021-32778

CVE-2021-32778 affects Envoy, where the HTTP/2 stream reset procedure has O(N^2) time complexity, causing high CPU and potential DoS when many streams are opened and closed. Connected advisories indicate fixes in Envoy versions 1.16.5, 1.17.4, 1.18.4, and 1.19.1, addressing the inefficiency. Othe...

CVSS 7.5, AI score 6.3, EPSS 0.0123

added 2022/06/09 7:25 p.m., 104 views

CVE-2022-29226

Envoy proxy vulnerability CVE-2022-29226 affects the OAuth filter prior to v1.22.1, where there is no token validation in the filter, causing access to be granted when any access token is present. A fix is to upgrade Envoy to a version that includes proper access-token validation (v1.22.1 or late...

CVSS 10, AI score 9.4, EPSS 0.01238

Total number of security vulnerabilities: 109