CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence: High
EPSS
Percentile: 17.0%
github.com/envoyproxy/envoy is vulnerable to Denial of Service (DoS). The vulnerability occurs in instances with Proxy Protocol version 2 (PPv2) enabled on both a listener and a subsequent cluster. When the downstream request has a command type of LOCAL and lacks the protocol block, attempting to craft the upstream PPv2 header leads to a segmentation fault, resulting in DoS.
github.com/envoyproxy/envoy/commit/1950e57869091078cf8c2af41ea092dc2a1be1f0#diff-a35fc10b1ce97239d02ac1791aac05069eaf253d8efc77cefe93749f901e36ab
github.com/envoyproxy/envoy/commit/3f4571dc1884779529c8defc5f07c0f1ef07cba9#diff-a35fc10b1ce97239d02ac1791aac05069eaf253d8efc77cefe93749f901e36ab
github.com/envoyproxy/envoy/commit/5ddd4e633ecb24d79f46877c54648bb6bcceec60#diff-a35fc10b1ce97239d02ac1791aac05069eaf253d8efc77cefe93749f901e36ab
github.com/envoyproxy/envoy/commit/63895ea8e3cca9c5d3ab4c5c128ed1369969d54a
github.com/envoyproxy/envoy/commit/c6fe0ac50dee481834ff97d569d90876b020f45b#diff-a35fc10b1ce97239d02ac1791aac05069eaf253d8efc77cefe93749f901e36ab
github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j