Lucene search

8 matches found

CVE
added 2022/02/22 11:15 p.m. | 152 views

CVE-2021-43826

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for upstream tunneling and the downstream connection disconnects while the upstream connection or HTTP/2 stream is still being established. ...

CVSS 7.5 | AI score 7.5 | EPSS 0.00095

CVE
added 2022/02/22 11:15 p.m. | 150 views

CVE-2022-21654

Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's TLS allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default TLS settings are used. Users are advised t...

CVSS 9.8 | AI score 8.3 | EPSS 0.0006

CVE
added 2022/02/22 11:15 p.m. | 145 views

CVE-2021-43825

Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data ...

CVSS 7.5 | AI score 6.8 | EPSS 0.00096

CVE
added 2022/02/22 11:15 p.m. | 144 views

CVE-2022-21655

Envoy is an open source edge and service proxy, designed for cloud-native applications. The Envoy common router will segfault if an internal redirect selects a route configured with direct response or redirect actions. This will result in a denial of service. As a workaround turn off internal redir...

CVSS 7.5 | AI score 7.4 | EPSS 0.00122

CVE
added 2022/02/22 11:15 p.m. | 141 views

CVE-2021-43824

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CONNECT request is sent to JWT filter configured with regex match. This provides a denial of service attack vector. The only workaround is to not use r...

CVSS 7.5 | AI score 7.2 | EPSS 0.00125

CVE
added 2022/02/22 11:15 p.m. | 139 views

CVE-2022-23606

Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS) all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle con...

CVSS 6.5 | AI score 5.5 | EPSS 0.00099

CVE
added 2022/02/22 11:15 p.m. | 130 views

CVE-2022-21656

Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Nam...

CVSS 7.4 | AI score 6 | EPSS 0.00017

CVE
added 2022/02/22 11:15 p.m. | 128 views

CVE-2022-21657

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage (id-k...

CVSS 6.8 | AI score 6.6 | EPSS 0.00039