Envoy Security Vulnerabilities and Issues — Envoy CVE List

Lucene search

EnvoyproxyEnvoy

8 matches found

CVE•added 2023/07/25 7:15 p.m.•2510 views

CVE-2023-35942

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a use-after-free crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9, 1....

6.5CVSS7.8AI score0.00016EPSS

CVE•added 2023/04/04 7:15 p.m.•146 views

CVE-2023-27492

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled and trigger crashes...

6.5CVSS6.6AI score0.00034EPSS

CVE•added 2022/02/22 11:15 p.m.•131 views

CVE-2022-23606

Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS) all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle con...

6.5CVSS5.5AI score0.00094EPSS

CVE•added 2022/02/22 11:15 p.m.•126 views

CVE-2022-21657

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage (id-k...

6.8CVSS6.6AI score0.00037EPSS

CVE•added 2024/09/20 12:15 a.m.•77 views

CVE-2024-45806

Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's default configuration of...

6.5CVSS6.8AI score0.00331EPSS

CVE•added 2024/06/04 9:15 p.m.•49 views

CVE-2024-34364

Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer.

6.5CVSS6.3AI score0.00019EPSS

CVE•added 2024/09/20 12:15 a.m.•46 views

CVE-2024-45808

Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the REQUESTED_SERVER_NAME field for access logger...

6.5CVSS6.7AI score0.00027EPSS

CVE•added 2024/07/01 9:15 p.m.•45 views

CVE-2024-39305

Envoy is a cloud-native, open source edge and service proxy. Prior to versions 1.30.4, 1.29.7, 1.28.5, and 1.27.7. Envoy references already freed memory when route hash policy is configured with cookie attributes. Note that this vulnerability has been fixed in the open as the effect would be immedi...

6.5CVSS6.6AI score0.00082EPSS