Envoy Security Vulnerabilities and Issues — Envoy CVE List

Lucene search

EnvoyproxyEnvoy

7 matches found

CVE•added 2022/06/09 7:15 p.m.•104 views

CVE-2022-29224

Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” (prevent removal) upstrea...

5.9CVSS7.2AI score0.00272EPSS

CVE•added 2020/03/04 10:15 p.m.•103 views

CVE-2020-8660

CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some s...

5.3CVSS5.6AI score0.00025EPSS

CVE•added 2024/04/04 8:15 p.m.•94 views

CVE-2024-30255

Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATI...

5.3CVSS5.5AI score0.91843EPSS

CVE•added 2020/07/14 10:15 p.m.•69 views

CVE-2020-15104

In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. For example, with a SAN of *.example.com, Envoy would incorrectly allow nested.subdomain.example.com, whe...

5.5CVSS5.2AI score0.00116EPSS

CVE•added 2025/05/07 10:15 p.m.•45 views

CVE-2025-46821

Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the * character from a set of valid characters in the URI path. As a result URI path containing the * character will not match a URI template ex...

5.3CVSS5.1AI score0.00106EPSS

CVE•added 2024/02/09 11:15 p.m.•42 views

CVE-2024-23323

Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26...

5.3CVSS5AI score0.00011EPSS

CVE•added 2024/06/04 9:15 p.m.•19 views

CVE-2024-34362

Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in HttpConnectionManager (HCM) with EnvoyQuicServerStream that can crash Envoy. An attacker can exploit this vulnerability by sending a request without FIN, then a RESET_STREAM frame, and then after receiving the...

5.9CVSS6AI score0.00015EPSS