Vulnerabilites related to envoyproxy - envoy
CVE-2022-21655 (GCVE-0-2022-21655)
Vulnerability from cvelistv5
Published
2022-02-22 22:40
Modified
2025-04-23 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-670 - Always-Incorrect Control Flow Implementation
Summary
Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy common router will segfault if an internal redirect selects a route configured with direct response or redirect actions. This will result in a denial of service. As a workaround turn off internal redirects if direct response entries are configured on the same listener.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: < 1.18.6 Version: >= 1.19.0, < 1.19.3 Version: >= 1.20.0, < 1.20.2 Version: >= 1.21.0, < 1.21.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:39.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/177d608155ba8b11598b9bbf8240e90d8c350682"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:57:22.876617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:01:21.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003c 1.18.6"
},
{
"status": "affected",
"version": "\u003e= 1.19.0, \u003c 1.19.3"
},
{
"status": "affected",
"version": "\u003e= 1.20.0, \u003c 1.20.2"
},
{
"status": "affected",
"version": "\u003e= 1.21.0, \u003c 1.21.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy common router will segfault if an internal redirect selects a route configured with direct response or redirect actions. This will result in a denial of service. As a workaround turn off internal redirects if direct response entries are configured on the same listener."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670: Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-22T22:40:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/177d608155ba8b11598b9bbf8240e90d8c350682"
}
],
"source": {
"advisory": "GHSA-7r5p-7fmh-jxpg",
"discovery": "UNKNOWN"
},
"title": "Incorrect handling of internal redirects results in crash in Envoy",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21655",
"STATE": "PUBLIC",
"TITLE": "Incorrect handling of internal redirects results in crash in Envoy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003c 1.18.6"
},
{
"version_value": "\u003e= 1.19.0, \u003c 1.19.3"
},
{
"version_value": "\u003e= 1.20.0, \u003c 1.20.2"
},
{
"version_value": "\u003e= 1.21.0, \u003c 1.21.1"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy common router will segfault if an internal redirect selects a route configured with direct response or redirect actions. This will result in a denial of service. As a workaround turn off internal redirects if direct response entries are configured on the same listener."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-670: Always-Incorrect Control Flow Implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/177d608155ba8b11598b9bbf8240e90d8c350682",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/commit/177d608155ba8b11598b9bbf8240e90d8c350682"
}
]
},
"source": {
"advisory": "GHSA-7r5p-7fmh-jxpg",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-21655",
"datePublished": "2022-02-22T22:40:11.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:01:21.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21657 (GCVE-0-2022-21657)
Vulnerability from cvelistv5
Published
2022-02-22 22:30
Modified
2025-04-23 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation
Summary
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage (id-kp-serverAuth and id-kp-clientAuth, respectively). This means that a peer may present an e-mail certificate (e.g. id-kp-emailProtection), either as a leaf certificate or as a CA in the chain, and it will be accepted for TLS. This is particularly bad when combined with the issue described in pull request #630, in that it allows a Web PKI CA that is intended only for use with S/MIME, and thus exempted from audit or supervision, to issue TLS certificates that will be accepted by Envoy. As a result Envoy will trust upstream certificates that should not be trusted. There are no known workarounds to this issue. Users are advised to upgrade.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.20.0, < 1.20.2 Version: >= 1.19.0, < 1.19.3 Version: < 1.18.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:39.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-837m-wjrv-vm5g"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/pull/630"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21657",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:55:44.646250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:01:32.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.20.0, \u003c 1.20.2"
},
{
"status": "affected",
"version": "\u003e= 1.19.0, \u003c 1.19.3"
},
{
"status": "affected",
"version": "\u003c 1.18.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage (id-kp-serverAuth and id-kp-clientAuth, respectively). This means that a peer may present an e-mail certificate (e.g. id-kp-emailProtection), either as a leaf certificate or as a CA in the chain, and it will be accepted for TLS. This is particularly bad when combined with the issue described in pull request #630, in that it allows a Web PKI CA that is intended only for use with S/MIME, and thus exempted from audit or supervision, to issue TLS certificates that will be accepted by Envoy. As a result Envoy will trust upstream certificates that should not be trusted. There are no known workarounds to this issue. Users are advised to upgrade."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-22T22:30:12.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-837m-wjrv-vm5g"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/pull/630"
}
],
"source": {
"advisory": "GHSA-837m-wjrv-vm5g",
"discovery": "UNKNOWN"
},
"title": "X.509 Extended Key Usage and Trust Purposes bypass in Envoy",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21657",
"STATE": "PUBLIC",
"TITLE": "X.509 Extended Key Usage and Trust Purposes bypass in Envoy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.20.0, \u003c 1.20.2"
},
{
"version_value": "\u003e= 1.19.0, \u003c 1.19.3"
},
{
"version_value": "\u003c 1.18.6"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage (id-kp-serverAuth and id-kp-clientAuth, respectively). This means that a peer may present an e-mail certificate (e.g. id-kp-emailProtection), either as a leaf certificate or as a CA in the chain, and it will be accepted for TLS. This is particularly bad when combined with the issue described in pull request #630, in that it allows a Web PKI CA that is intended only for use with S/MIME, and thus exempted from audit or supervision, to issue TLS certificates that will be accepted by Envoy. As a result Envoy will trust upstream certificates that should not be trusted. There are no known workarounds to this issue. Users are advised to upgrade."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-837m-wjrv-vm5g",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-837m-wjrv-vm5g"
},
{
"name": "https://github.com/envoyproxy/envoy/pull/630",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/pull/630"
}
]
},
"source": {
"advisory": "GHSA-837m-wjrv-vm5g",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-21657",
"datePublished": "2022-02-22T22:30:12.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:01:32.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32976 (GCVE-0-2024-32976)
Vulnerability from cvelistv5
Published
2024-06-04 20:59
Modified
2024-09-03 15:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Summary
Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.30.0, <= 11.30.1 Version: >= 1.29.0, <= 1.29.4 Version: >= 1.28.0, <= 1.28.3 Version: > 1.18.0, <= 1.27.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:27:53.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7wp5-c2vq-4f8m",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7wp5-c2vq-4f8m"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"lessThanOrEqual": "1.30.1",
"status": "affected",
"version": "1.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.29.4",
"status": "affected",
"version": "1.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.28.3",
"status": "affected",
"version": "1.28.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.27.5",
"status": "affected",
"version": "1.18.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32976",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T15:39:44.498942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T15:41:58.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.30.0, \u003c= 11.30.1"
},
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c= 1.29.4"
},
{
"status": "affected",
"version": "\u003e= 1.28.0, \u003c= 1.28.3"
},
{
"status": "affected",
"version": "\u003e 1.18.0, \u003c= 1.27.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T20:59:59.683Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7wp5-c2vq-4f8m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7wp5-c2vq-4f8m"
}
],
"source": {
"advisory": "GHSA-7wp5-c2vq-4f8m",
"discovery": "UNKNOWN"
},
"title": "Envoy can enter an endless loop while decompressing Brotli data with extra input"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-32976",
"datePublished": "2024-06-04T20:59:59.683Z",
"dateReserved": "2024-04-22T15:14:59.166Z",
"dateUpdated": "2024-09-03T15:41:58.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29228 (GCVE-0-2022-29228)
Vulnerability from cvelistv5
Published
2022-06-09 19:20
Modified
2025-04-23 18:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-617 - Reachable Assertion
Summary
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecoding() shouldn’t ever be called from filters after a local reply has been sent. Users are advised to upgrade. There are no known workarounds for this issue.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: < 1.22.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:54.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-rww6-8h7g-8jf6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29228",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:54:25.626318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:17:53.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003c 1.22.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecoding() shouldn\u2019t ever be called from filters after a local reply has been sent. Users are advised to upgrade. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617: Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T19:20:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-rww6-8h7g-8jf6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360"
}
],
"source": {
"advisory": "GHSA-rww6-8h7g-8jf6",
"discovery": "UNKNOWN"
},
"title": "Reachable assertion in Envoy",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29228",
"STATE": "PUBLIC",
"TITLE": "Reachable assertion in Envoy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003c 1.22.1"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecoding() shouldn\u2019t ever be called from filters after a local reply has been sent. Users are advised to upgrade. There are no known workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-617: Reachable Assertion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-rww6-8h7g-8jf6",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-rww6-8h7g-8jf6"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360"
}
]
},
"source": {
"advisory": "GHSA-rww6-8h7g-8jf6",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-29228",
"datePublished": "2022-06-09T19:20:13.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:17:53.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53270 (GCVE-0-2024-53270)
Vulnerability from cvelistv5
Published
2024-12-18 19:12
Modified
2024-12-18 21:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-670 - Always-Incorrect Control Flow Implementation
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverloadError` is going to assume the active request exists when `envoy.load_shed_points.http1_server_abort_dispatch` is configured. If `active_request` is nullptr, only onMessageBeginImpl() is called. However, the `onMessageBeginImpl` will directly return ok status if the stream is already reset leading to the nullptr reference. The downstream reset can actually happen during the H/2 upstream reset. As a result envoy may crash. This issue has been addressed in releases 1.32.3, 1.31.5, 1.30.9, and 1.29.12. Users are advised to upgrade. Users unable to upgrade may disable `http1_server_abort_dispatch` load shed point and/or use a high threshold.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.32.0, < 1.32.3 Version: >= 1.31.0, < 1.31.5 Version: >= 1.30.0, < 1.30.9 Version: < 1.29.12 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53270",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-18T21:34:59.313563Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T21:35:24.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-q9qv-8j52-77p3"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.32.0, \u003c 1.32.3"
},
{
"status": "affected",
"version": "\u003e= 1.31.0, \u003c 1.31.5"
},
{
"status": "affected",
"version": "\u003e= 1.30.0, \u003c 1.30.9"
},
{
"status": "affected",
"version": "\u003c 1.29.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverloadError` is going to assume the active request exists when `envoy.load_shed_points.http1_server_abort_dispatch` is configured. If `active_request` is nullptr, only onMessageBeginImpl() is called. However, the `onMessageBeginImpl` will directly return ok status if the stream is already reset leading to the nullptr reference. The downstream reset can actually happen during the H/2 upstream reset. As a result envoy may crash. This issue has been addressed in releases 1.32.3, 1.31.5, 1.30.9, and 1.29.12. Users are advised to upgrade. Users unable to upgrade may disable `http1_server_abort_dispatch` load shed point and/or use a high threshold."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670: Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T19:12:18.775Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-q9qv-8j52-77p3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-q9qv-8j52-77p3"
},
{
"name": "https://github.com/envoyproxy/envoy/pull/37743/commits/6cf8afda956ba67c9afad185b962325a5242ef02",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/pull/37743/commits/6cf8afda956ba67c9afad185b962325a5242ef02"
}
],
"source": {
"advisory": "GHSA-q9qv-8j52-77p3",
"discovery": "UNKNOWN"
},
"title": "HTTP/1: sending overload crashes when the request is reset beforehand in envoy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-53270",
"datePublished": "2024-12-18T19:12:18.775Z",
"dateReserved": "2024-11-19T20:08:14.482Z",
"dateUpdated": "2024-12-18T21:35:24.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23326 (GCVE-0-2024-23326)
Vulnerability from cvelistv5
Published
2024-06-04 20:05
Modified
2024-08-01 22:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-391 - Unchecked Error Condition
Summary
Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching protocols. Envoy incorrectly accepts a 200 response from a server when requesting a protocol upgrade, but 200 does not indicate protocol switch. This opens up the possibility of request smuggling through Envoy if the server can be tricked into adding the upgrade header to the response.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.13.0, <= 1.30.1 Version: >= 1.29.0, <= 1.29.4 Version: >= 1.28.0, <= 1.28.3 Version: <= 1.27.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T12:32:08.718611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T15:53:07.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c= 1.30.1"
},
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c= 1.29.4"
},
{
"status": "affected",
"version": "\u003e= 1.28.0, \u003c= 1.28.3"
},
{
"status": "affected",
"version": "\u003c= 1.27.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching protocols. Envoy incorrectly accepts a 200 response from a server when requesting a protocol upgrade, but 200 does not indicate protocol switch. This opens up the possibility of request smuggling through Envoy if the server can be tricked into adding the upgrade header to the response.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-391",
"description": "CWE-391: Unchecked Error Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T20:05:48.230Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c"
}
],
"source": {
"advisory": "GHSA-vcf8-7238-v74c",
"discovery": "UNKNOWN"
},
"title": "Envoy incorrectly accepts HTTP 200 response for entering upgrade mode"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23326",
"datePublished": "2024-06-04T20:05:48.230Z",
"dateReserved": "2024-01-15T15:19:19.441Z",
"dateUpdated": "2024-08-01T22:59:32.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35941 (GCVE-0-2023-35941)
Vulnerability from cvelistv5
Published
2023-07-25 17:40
Modified
2024-10-24 17:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Summary
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.26.0, < 1.26.4 Version: >= 1.25.0, < 1.25.9 Version: >= 1.24.0, < 1.24.10 Version: < 1.23.12 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35941",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T17:52:08.970068Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T17:52:20.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.26.0, \u003c 1.26.4"
},
{
"status": "affected",
"version": "\u003e= 1.25.0, \u003c 1.25.9"
},
{
"status": "affected",
"version": "\u003e= 1.24.0, \u003c 1.24.10"
},
{
"status": "affected",
"version": "\u003c 1.23.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter\u0027s check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host\u0027s domain configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T17:40:56.203Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55"
}
],
"source": {
"advisory": "GHSA-7mhv-gr67-hq55",
"discovery": "UNKNOWN"
},
"title": "Envoy vulnerable to OAuth2 credentials exploit with permanent validity"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-35941",
"datePublished": "2023-07-25T17:40:56.203Z",
"dateReserved": "2023-06-20T14:02:45.596Z",
"dateUpdated": "2024-10-24T17:52:20.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30255 (GCVE-0-2024-30255)
Vulnerability from cvelistv5
Published
2024-04-04 19:41
Modified
2025-02-13 17:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-390 - Detection of Error Condition Without Action
Summary
Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream connections.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.29.0, < 1.29.3 Version: >= 1.28.0, < 1.28.2 Version: >= 1.27.0, < 1.27.4 Version: < 1.26.8 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"lessThan": "1.29.3",
"status": "affected",
"version": "1.29.0",
"versionType": "custom"
},
{
"lessThan": "1.28.2",
"status": "affected",
"version": "1.28.0",
"versionType": "custom"
},
{
"lessThan": "1.27.4",
"status": "affected",
"version": "1.27.0",
"versionType": "custom"
},
{
"lessThan": "1.26.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-08T14:58:49.679014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T13:47:51.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:05.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/05/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c 1.29.3"
},
{
"status": "affected",
"version": "\u003e= 1.28.0, \u003c 1.28.2"
},
{
"status": "affected",
"version": "\u003e= 1.27.0, \u003c 1.27.4"
},
{
"status": "affected",
"version": "\u003c 1.26.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy\u0027s HTTP/2 codec allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy\u0027s header map limits. This allows an attacker to send a sequence of CONTINUATION frames without the END_HEADERS bit set causing CPU utilization, consuming approximately 1 core per 300Mbit/s of traffic and culminating in denial of service through CPU exhaustion. Users should upgrade to version 1.29.3, 1.28.2, 1.27.4, or 1.26.8 to mitigate the effects of the CONTINUATION flood. As a workaround, disable HTTP/2 protocol for downstream connections."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-390",
"description": "CWE-390: Detection of Error Condition Without Action",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T18:07:47.558Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/05/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
}
],
"source": {
"advisory": "GHSA-j654-3ccm-vfmm",
"discovery": "UNKNOWN"
},
"title": "HTTP/2: CPU exhaustion due to CONTINUATION frame flood"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-30255",
"datePublished": "2024-04-04T19:41:02.634Z",
"dateReserved": "2024-03-26T12:52:00.934Z",
"dateUpdated": "2025-02-13T17:47:46.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18838 (GCVE-0-2019-18838)
Vulnerability from cvelistv5
Published
2019-12-13 12:22
Modified
2024-08-05 02:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request's Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21forum/envoy-users"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.envoyproxy.io"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-f2rv-4w6x-rwhc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated \"Invalid request\" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request\u0027s Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-13T12:22:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/forum/#%21forum/envoy-users"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.envoyproxy.io"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-f2rv-4w6x-rwhc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated \"Invalid request\" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request\u0027s Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/commits/master",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"name": "https://groups.google.com/forum/#!forum/envoy-users",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!forum/envoy-users"
},
{
"name": "https://blog.envoyproxy.io",
"refsource": "MISC",
"url": "https://blog.envoyproxy.io"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-f2rv-4w6x-rwhc",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-f2rv-4w6x-rwhc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18838",
"datePublished": "2019-12-13T12:22:33",
"dateReserved": "2019-11-08T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32780 (GCVE-0-2021-32780)
Vulnerability from cvelistv5
Published
2021-08-24 20:55
Modified
2024-08-03 23:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to DRAINING when it receives a SETTING frame with the SETTINGS_MAX_CONCURRENT_STREAMS parameter set to 0. Receiving these two frames in the same I/O event results in abnormal termination of the Envoy process due to invalid state transition from CLOSED to DRAINING. A sequence of H/2 frames delivered by an untrusted upstream server will result in Denial of Service in the presence of untrusted **upstream** servers. Envoy versions 1.19.1, 1.18.4 contain fixes to stop processing of pending H/2 frames after connection transition to the CLOSED state.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.19.0, < 1.19.1 Version: >= 1.18.0, < 1.18.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:56.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.19.0, \u003c 1.19.1"
},
{
"status": "affected",
"version": "\u003e= 1.18.0, \u003c 1.18.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to DRAINING when it receives a SETTING frame with the SETTINGS_MAX_CONCURRENT_STREAMS parameter set to 0. Receiving these two frames in the same I/O event results in abnormal termination of the Envoy process due to invalid state transition from CLOSED to DRAINING. A sequence of H/2 frames delivered by an untrusted upstream server will result in Denial of Service in the presence of untrusted **upstream** servers. Envoy versions 1.19.1, 1.18.4 contain fixes to stop processing of pending H/2 frames after connection transition to the CLOSED state."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-24T20:55:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8"
}
],
"source": {
"advisory": "GHSA-j374-mjrw-vvp8",
"discovery": "UNKNOWN"
},
"title": "Incorrect handling of H/2 GOAWAY followed by SETTINGS frames",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32780",
"STATE": "PUBLIC",
"TITLE": "Incorrect handling of H/2 GOAWAY followed by SETTINGS frames"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.19.0, \u003c 1.19.1"
},
{
"version_value": "\u003e= 1.18.0, \u003c 1.18.4"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to DRAINING when it receives a SETTING frame with the SETTINGS_MAX_CONCURRENT_STREAMS parameter set to 0. Receiving these two frames in the same I/O event results in abnormal termination of the Envoy process due to invalid state transition from CLOSED to DRAINING. A sequence of H/2 frames delivered by an untrusted upstream server will result in Denial of Service in the presence of untrusted **upstream** servers. Envoy versions 1.19.1, 1.18.4 contain fixes to stop processing of pending H/2 frames after connection transition to the CLOSED state."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history",
"refsource": "MISC",
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8"
}
]
},
"source": {
"advisory": "GHSA-j374-mjrw-vvp8",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32780",
"datePublished": "2021-08-24T20:55:10",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:56.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43826 (GCVE-0-2021-43826)
Vulnerability from cvelistv5
Published
2022-02-22 22:45
Modified
2025-04-23 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling <envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config>` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: < 1.18.6 Version: >= 1.19.0, < 1.19.3 Version: >= 1.20.0, < 1.20.2 Version: >= 1.21.0, < 1.21.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:09.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-43826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:57:19.863004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:01:09.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003c 1.18.6"
},
{
"status": "affected",
"version": "\u003e= 1.19.0, \u003c 1.19.3"
},
{
"status": "affected",
"version": "\u003e= 1.20.0, \u003c 1.20.2"
},
{
"status": "affected",
"version": "\u003e= 1.21.0, \u003c 1.21.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling \u003cenvoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config\u003e` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-22T22:45:22.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145"
}
],
"source": {
"advisory": "GHSA-cmx3-fvgf-83mf",
"discovery": "UNKNOWN"
},
"title": "Crash when tunneling TCP over HTTP in Envoy",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43826",
"STATE": "PUBLIC",
"TITLE": "Crash when tunneling TCP over HTTP in Envoy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003c 1.18.6"
},
{
"version_value": "\u003e= 1.19.0, \u003c 1.19.3"
},
{
"version_value": "\u003e= 1.20.0, \u003c 1.20.2"
},
{
"version_value": "\u003e= 1.21.0, \u003c 1.21.1"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling \u003cenvoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config\u003e` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145"
}
]
},
"source": {
"advisory": "GHSA-cmx3-fvgf-83mf",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43826",
"datePublished": "2022-02-22T22:45:22.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:01:09.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45808 (GCVE-0-2024-45808)
Vulnerability from cvelistv5
Published
2024-09-19 23:34
Modified
2024-09-20 17:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-117 - Improper Output Neutralization for Logs
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.31.0, < 1.31.2 Version: >= 1.30.0, < 1.30.6 Version: >= 1.29.0, < 1.29.9 Version: < 1.28.7 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"lessThan": "1.28.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "1.29.9",
"status": "affected",
"version": "1.29.0",
"versionType": "custom"
},
{
"lessThan": "1.30.6",
"status": "affected",
"version": "1.30.0",
"versionType": "custom"
},
{
"lessThan": "1.31.2",
"status": "affected",
"version": "1.31.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45808",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:23:51.509637Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:25:17.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.31.0, \u003c 1.31.2"
},
{
"status": "affected",
"version": "\u003e= 1.30.0, \u003c 1.30.6"
},
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c 1.29.9"
},
{
"status": "affected",
"version": "\u003c 1.28.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117: Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T23:34:26.714Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-p222-xhp9-39rc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-p222-xhp9-39rc"
}
],
"source": {
"advisory": "GHSA-p222-xhp9-39rc",
"discovery": "UNKNOWN"
},
"title": "Malicious log injection via access logs in envoy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45808",
"datePublished": "2024-09-19T23:34:26.714Z",
"dateReserved": "2024-09-09T14:23:07.504Z",
"dateUpdated": "2024-09-20T17:25:17.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30157 (GCVE-0-2025-30157)
Vulnerability from cvelistv5
Published
2025-03-21 14:49
Modified
2025-03-21 15:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-460 - Improper Cleanup on Thrown Exception
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the failure of a websocket handshake will trigger a local reply leading to the crash of Envoy. This vulnerability is fixed in 1.33.1, 1.32.4, 1.31.6, and 1.30.10.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.33.0, < 1.33.1 Version: >= 1.32.0, < 1.32.4 Version: >= 1.31.0, < 1.31.6 Version: < 1.30.10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30157",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T15:15:06.866158Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T15:15:11.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cf3q-gqg7-3fm9"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.33.0, \u003c 1.33.1"
},
{
"status": "affected",
"version": "\u003e= 1.32.0, \u003c 1.32.4"
},
{
"status": "affected",
"version": "\u003e= 1.31.0, \u003c 1.31.6"
},
{
"status": "affected",
"version": "\u003c 1.30.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy\u0027s ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter\u0027s life time issue. A known situation is the failure of a websocket handshake will trigger a local reply leading to the crash of Envoy. This vulnerability is fixed in 1.33.1, 1.32.4, 1.31.6, and 1.30.10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-460",
"description": "CWE-460: Improper Cleanup on Thrown Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T14:49:18.113Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cf3q-gqg7-3fm9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cf3q-gqg7-3fm9"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/8eda1b8ef5ba8663d16a737ab99458c039a9b53c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/8eda1b8ef5ba8663d16a737ab99458c039a9b53c"
}
],
"source": {
"advisory": "GHSA-cf3q-gqg7-3fm9",
"discovery": "UNKNOWN"
},
"title": "Envoy crashes when HTTP ext_proc processes local replies"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-30157",
"datePublished": "2025-03-21T14:49:18.113Z",
"dateReserved": "2025-03-17T12:41:42.566Z",
"dateUpdated": "2025-03-21T15:15:11.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8660 (GCVE-0-2020-8660)
Vulnerability from cvelistv5
Published
2020-03-04 21:10
Modified
2024-08-04 10:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some security restrictions in the process.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-c4g8-7grc-5wvx"
},
{
"name": "RHSA-2020:0734",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some security restrictions in the process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T11:06:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-c4g8-7grc-5wvx"
},
{
"name": "RHSA-2020:0734",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some security restrictions in the process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history",
"refsource": "CONFIRM",
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-c4g8-7grc-5wvx",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-c4g8-7grc-5wvx"
},
{
"name": "RHSA-2020:0734",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8660",
"datePublished": "2020-03-04T21:10:15",
"dateReserved": "2020-02-06T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11767 (GCVE-0-2020-11767)
Vulnerability from cvelistv5
Published
2020-04-15 01:05
Modified
2024-08-04 11:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the server(s) listening behind *.example.com. The outcome should instead be 421 Misdirected Request. Imagine a shared caching forward proxy re-using an HTTP/2 connection for a large subnet with many users. If a victim is interacting with abc.example.com, and a server (for abc.example.com) recycles the TCP connection to the forward proxy, the victim's browser may suddenly start sending sensitive data to a *.example.com server. This occurs because the forward proxy between the victim and the origin server reuses connections (which obeys the specification), but neither Istio nor Envoy corrects this by sending a 421 error. Similarly, this behavior voids the security model browsers have put in place between domains.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:41:59.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=954160#c5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/issues/6767"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/istio/istio/issues/9429"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/istio/istio/issues/13589"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the server(s) listening behind *.example.com. The outcome should instead be 421 Misdirected Request. Imagine a shared caching forward proxy re-using an HTTP/2 connection for a large subnet with many users. If a victim is interacting with abc.example.com, and a server (for abc.example.com) recycles the TCP connection to the forward proxy, the victim\u0027s browser may suddenly start sending sensitive data to a *.example.com server. This occurs because the forward proxy between the victim and the origin server reuses connections (which obeys the specification), but neither Istio nor Envoy corrects this by sending a 421 error. Similarly, this behavior voids the security model browsers have put in place between domains."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T01:05:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=954160#c5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/issues/6767"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/istio/istio/issues/9429"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/istio/istio/issues/13589"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the server(s) listening behind *.example.com. The outcome should instead be 421 Misdirected Request. Imagine a shared caching forward proxy re-using an HTTP/2 connection for a large subnet with many users. If a victim is interacting with abc.example.com, and a server (for abc.example.com) recycles the TCP connection to the forward proxy, the victim\u0027s browser may suddenly start sending sensitive data to a *.example.com server. This occurs because the forward proxy between the victim and the origin server reuses connections (which obeys the specification), but neither Istio nor Envoy corrects this by sending a 421 error. Similarly, this behavior voids the security model browsers have put in place between domains."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/chromium/issues/detail?id=954160#c5",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=954160#c5"
},
{
"name": "https://github.com/envoyproxy/envoy/issues/6767",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/issues/6767"
},
{
"name": "https://github.com/istio/istio/issues/9429",
"refsource": "MISC",
"url": "https://github.com/istio/istio/issues/9429"
},
{
"name": "https://github.com/istio/istio/issues/13589",
"refsource": "MISC",
"url": "https://github.com/istio/istio/issues/13589"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11767",
"datePublished": "2020-04-15T01:05:38",
"dateReserved": "2020-04-15T00:00:00",
"dateUpdated": "2024-08-04T11:41:59.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25018 (GCVE-0-2020-25018)
Vulnerability from cvelistv5
Published
2020-10-01 16:46
Modified
2024-08-04 15:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21forum/envoy-security-announce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-fwwh-fc9w-9673"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-01T16:46:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/forum/#%21forum/envoy-security-announce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-fwwh-fc9w-9673"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!forum/envoy-security-announce",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!forum/envoy-security-announce"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-fwwh-fc9w-9673",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-fwwh-fc9w-9673"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25018",
"datePublished": "2020-10-01T16:46:06",
"dateReserved": "2020-08-29T00:00:00",
"dateUpdated": "2024-08-04T15:26:09.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35945 (GCVE-0-2023-35945)
Vulnerability from cvelistv5
Published
2023-07-13 20:41
Modified
2024-10-31 16:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.26.0, < 1.26.3 Version: >= 1.25.0, < 1.25.8 Version: >= 1.24.0, < 1.24.9 Version: >= 1.23.0, < 1.23.11 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r"
},
{
"name": "https://github.com/nghttp2/nghttp2/blob/e7f59406556c80904b81b593d38508591bb7523a/lib/nghttp2_session.c#L3346",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nghttp2/nghttp2/blob/e7f59406556c80904b81b593d38508591bb7523a/lib/nghttp2_session.c#L3346"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35945",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-31T16:24:45.853511Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T16:24:53.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.26.0, \u003c 1.26.3"
},
{
"status": "affected",
"version": "\u003e= 1.25.0, \u003c 1.25.8"
},
{
"status": "affected",
"version": "\u003e= 1.24.0, \u003c 1.24.9"
},
{
"status": "affected",
"version": "\u003e= 1.23.0, \u003c 1.23.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy\u2019s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-13T20:41:15.690Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r"
},
{
"name": "https://github.com/nghttp2/nghttp2/blob/e7f59406556c80904b81b593d38508591bb7523a/lib/nghttp2_session.c#L3346",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nghttp2/nghttp2/blob/e7f59406556c80904b81b593d38508591bb7523a/lib/nghttp2_session.c#L3346"
}
],
"source": {
"advisory": "GHSA-jfxv-29pc-x22r",
"discovery": "UNKNOWN"
},
"title": "Envoy vulnerable to HTTP/2 memory leak in nghttp2 codec"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-35945",
"datePublished": "2023-07-13T20:41:15.690Z",
"dateReserved": "2023-06-20T14:02:45.597Z",
"dateUpdated": "2024-10-31T16:24:53.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45806 (GCVE-0-2024-45806)
Vulnerability from cvelistv5
Published
2024-09-19 23:34
Modified
2024-09-20 17:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's default configuration of internal trust boundaries, which considers all RFC1918 private address ranges as internal. The default behavior for handling internal addresses in Envoy has been changed. Previously, RFC1918 IP addresses were automatically considered internal, even if the internal_address_config was empty. The default configuration of Envoy will continue to trust internal addresses while in this release and it will not trust them by default in next release. If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary x-envoy headers) please explicitly include those addresses or CIDR ranges into `internal_address_config`. Successful exploitation could allow attackers to bypass security controls, access sensitive data, or disrupt services within the mesh, like Istio. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.31.0, < 1.31.2 Version: >= 1.30.0, < 1.30.6 Version: >= 1.29.0, < 1.29.9 Version: < 1.28.7 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"lessThan": "1.28.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "1.29.9",
"status": "affected",
"version": "1.29.0",
"versionType": "custom"
},
{
"lessThan": "1.30.6",
"status": "affected",
"version": "1.30.0",
"versionType": "custom"
},
{
"lessThan": "1.31.2",
"status": "affected",
"version": "1.31.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45806",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:27:09.370822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:28:05.598Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.31.0, \u003c 1.31.2"
},
{
"status": "affected",
"version": "\u003e= 1.30.0, \u003c 1.30.6"
},
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c 1.29.9"
},
{
"status": "affected",
"version": "\u003c 1.28.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy\u0027s default configuration of internal trust boundaries, which considers all RFC1918 private address ranges as internal. The default behavior for handling internal addresses in Envoy has been changed. Previously, RFC1918 IP addresses were automatically considered internal, even if the internal_address_config was empty. The default configuration of Envoy will continue to trust internal addresses while in this release and it will not trust them by default in next release. If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary x-envoy headers) please explicitly include those addresses or CIDR ranges into `internal_address_config`. Successful exploitation could allow attackers to bypass security controls, access sensitive data, or disrupt services within the mesh, like Istio. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T23:34:30.762Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf"
}
],
"source": {
"advisory": "GHSA-ffhv-fvxq-r6mf",
"discovery": "UNKNOWN"
},
"title": "Potential manipulate `x-envoy` headers from external sources in envoy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45806",
"datePublished": "2024-09-19T23:34:30.762Z",
"dateReserved": "2024-09-09T14:23:07.504Z",
"dateUpdated": "2024-09-20T17:28:05.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27492 (GCVE-0-2023-27492)
Vulnerability from cvelistv5
Published
2023-04-04 18:34
Modified
2025-02-11 16:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled and trigger crashes.
As of versions versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy no longer invokes the Lua coroutine if the filter has been reset. As a workaround for those whose Lua filter is buffering all requests/ responses, mitigate by using the buffer filter to avoid triggering the local reply in the Lua filter.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.25.0, < 1.25.3 Version: >= 1.24.0, < 1.24.4 Version: >= 1.23.0, < 1.23.6 Version: < 1.22.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-wpc2-2jp6-ppg2",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-wpc2-2jp6-ppg2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27492",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T16:13:50.435366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T16:13:57.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.25.0, \u003c 1.25.3"
},
{
"status": "affected",
"version": "\u003e= 1.24.0, \u003c 1.24.4"
},
{
"status": "affected",
"version": "\u003e= 1.23.0, \u003c 1.23.6"
},
{
"status": "affected",
"version": "\u003c 1.22.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled and trigger crashes.\n\nAs of versions versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy no longer invokes the Lua coroutine if the filter has been reset. As a workaround for those whose Lua filter is buffering all requests/ responses, mitigate by using the buffer filter to avoid triggering the local reply in the Lua filter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-04T18:34:44.470Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-wpc2-2jp6-ppg2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-wpc2-2jp6-ppg2"
}
],
"source": {
"advisory": "GHSA-wpc2-2jp6-ppg2",
"discovery": "UNKNOWN"
},
"title": "Envoy may crash when a large request body is processed in Lua filter"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-27492",
"datePublished": "2023-04-04T18:34:44.470Z",
"dateReserved": "2023-03-01T19:03:56.634Z",
"dateUpdated": "2025-02-11T16:13:57.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35944 (GCVE-0-2023-35944)
Vulnerability from cvelistv5
Published
2023-07-25 18:35
Modified
2024-10-23 20:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, this can lead to the rejection of requests with mixed-case schemes such as `htTp` or `htTps`, or the bypassing of some requests such as `https` in unencrypted connections. With a fix in versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, Envoy will now lowercase scheme values by default, and change the internal scheme checks that were case-sensitive to be case-insensitive. There are no known workarounds for this issue.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.26.0, < 1.26.4 Version: >= 1.25.0, < 1.25.9 Version: >= 1.24.0, < 1.24.10 Version: < 1.23.12 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-pvgm-7jpg-pw5g",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-pvgm-7jpg-pw5g"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35944",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T20:18:05.086028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T20:18:42.493Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.26.0, \u003c 1.26.4"
},
{
"status": "affected",
"version": "\u003e= 1.25.0, \u003c 1.25.9"
},
{
"status": "affected",
"version": "\u003e= 1.24.0, \u003c 1.24.10"
},
{
"status": "affected",
"version": "\u003c 1.23.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, this can lead to the rejection of requests with mixed-case schemes such as `htTp` or `htTps`, or the bypassing of some requests such as `https` in unencrypted connections. With a fix in versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, Envoy will now lowercase scheme values by default, and change the internal scheme checks that were case-sensitive to be case-insensitive. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T18:35:59.135Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-pvgm-7jpg-pw5g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-pvgm-7jpg-pw5g"
}
],
"source": {
"advisory": "GHSA-pvgm-7jpg-pw5g",
"discovery": "UNKNOWN"
},
"title": "Envoy vulnerable to incorrect handling of HTTP requests and responses with mixed case schemes"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-35944",
"datePublished": "2023-07-25T18:35:59.135Z",
"dateReserved": "2023-06-20T14:02:45.597Z",
"dateUpdated": "2024-10-23T20:18:42.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15226 (GCVE-0-2019-15226)
Vulnerability from cvelistv5
Published
2019-10-09 15:25
Modified
2024-08-05 00:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for HTTP/2 traffic had O(n^2) performance characteristics. A remote attacker may craft a request that stays below the maximum request header size but consists of many thousands of small headers to consume CPU and result in a denial-of-service attack.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:42:01.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/issues/8520"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for HTTP/2 traffic had O(n^2) performance characteristics. A remote attacker may craft a request that stays below the maximum request header size but consists of many thousands of small headers to consume CPU and result in a denial-of-service attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-09T15:25:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/issues/8520"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for HTTP/2 traffic had O(n^2) performance characteristics. A remote attacker may craft a request that stays below the maximum request header size but consists of many thousands of small headers to consume CPU and result in a denial-of-service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/commits/master",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014"
},
{
"name": "https://github.com/envoyproxy/envoy/issues/8520",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/issues/8520"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15226",
"datePublished": "2019-10-09T15:25:02",
"dateReserved": "2019-08-19T00:00:00",
"dateUpdated": "2024-08-05T00:42:01.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39206 (GCVE-0-2021-39206)
Vulnerability from cvelistv5
Published
2021-09-09 22:10
Modified
2024-08-04 01:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-863 - Incorrect Authorization
Summary
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorrect routing or authorization policy decisions. With specially crafted requests, incorrect authorization or routing decisions may be made by Pomerium. Pomerium v0.14.8 and v0.15.1 contain an upgraded envoy binary with these vulnerabilities patched. This issue can only be triggered when using path prefix based policy. Removing any such policies should provide mitigation.
References
| ► | URL | Tags |
|---|---|---|
|
|
||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:18.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-cfc2-wjcm-c8fm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pomerium",
"vendor": "pomerium",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.11.0, \u003c 0.14.8"
},
{
"status": "affected",
"version": "\u003e= 0.15.0, \u003c 0.15.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorrect routing or authorization policy decisions. With specially crafted requests, incorrect authorization or routing decisions may be made by Pomerium. Pomerium v0.14.8 and v0.15.1 contain an upgraded envoy binary with these vulnerabilities patched. This issue can only be triggered when using path prefix based policy. Removing any such policies should provide mitigation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-09T22:10:15",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-cfc2-wjcm-c8fm"
}
],
"source": {
"advisory": "GHSA-cfc2-wjcm-c8fm",
"discovery": "UNKNOWN"
},
"title": "Incorrect Authorization with specially crafted requests",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-39206",
"STATE": "PUBLIC",
"TITLE": "Incorrect Authorization with specially crafted requests"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pomerium",
"version": {
"version_data": [
{
"version_value": "\u003e= 0.11.0, \u003c 0.14.8"
},
{
"version_value": "\u003e= 0.15.0, \u003c 0.15.1"
}
]
}
}
]
},
"vendor_name": "pomerium"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorrect routing or authorization policy decisions. With specially crafted requests, incorrect authorization or routing decisions may be made by Pomerium. Pomerium v0.14.8 and v0.15.1 contain an upgraded envoy binary with these vulnerabilities patched. This issue can only be triggered when using path prefix based policy. Removing any such policies should provide mitigation."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h"
},
{
"name": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ",
"refsource": "MISC",
"url": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ"
},
{
"name": "https://github.com/pomerium/pomerium/security/advisories/GHSA-cfc2-wjcm-c8fm",
"refsource": "CONFIRM",
"url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-cfc2-wjcm-c8fm"
}
]
},
"source": {
"advisory": "GHSA-cfc2-wjcm-c8fm",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-39206",
"datePublished": "2021-09-09T22:10:15",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-08-04T01:58:18.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29258 (GCVE-0-2021-29258)
Vulnerability from cvelistv5
Published
2021-05-20 16:40
Modified
2024-08-03 22:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.envoyproxy.io"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy-setec/pull/230"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/releases/tag/v1.14.0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xw4q-6pj2-5gfg"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T16:40:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.envoyproxy.io"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy-setec/pull/230"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/releases/tag/v1.14.0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xw4q-6pj2-5gfg"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-29258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.envoyproxy.io",
"refsource": "MISC",
"url": "https://blog.envoyproxy.io"
},
{
"name": "https://github.com/envoyproxy/envoy-setec/pull/230",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy-setec/pull/230"
},
{
"name": "https://github.com/envoyproxy/envoy/releases/tag/v1.14.0",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/releases/tag/v1.14.0"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xw4q-6pj2-5gfg",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xw4q-6pj2-5gfg"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-29258",
"datePublished": "2021-05-20T16:40:46",
"dateReserved": "2021-03-26T00:00:00",
"dateUpdated": "2024-08-03T22:02:51.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29224 (GCVE-0-2022-29224)
Vulnerability from cvelistv5
Published
2022-06-09 19:10
Modified
2025-04-23 18:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” (prevent removal) upstream hosts obtained via service discovery until configured active health checking fails. If an attacker controls an upstream host and also controls service discovery of that host (via DNS, the EDS API, etc.), an attacker can crash Envoy by forcing removal of the host from service discovery, and then failing the gRPC health check request. This will crash Envoy via a null pointer dereference. Users are advised to upgrade to resolve this vulnerability. Users unable to upgrade may disable gRPC health checking and/or replace it with a different health checking type as a mitigation.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: < 1.22.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:54.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-m4j9-86g3-8f49"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/9b1c3962172a972bc0359398af6daa3790bb59db"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29224",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:05:46.246318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:17:59.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003c 1.22.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can \u201chold\u201d (prevent removal) upstream hosts obtained via service discovery until configured active health checking fails. If an attacker controls an upstream host and also controls service discovery of that host (via DNS, the EDS API, etc.), an attacker can crash Envoy by forcing removal of the host from service discovery, and then failing the gRPC health check request. This will crash Envoy via a null pointer dereference. Users are advised to upgrade to resolve this vulnerability. Users unable to upgrade may disable gRPC health checking and/or replace it with a different health checking type as a mitigation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T19:10:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-m4j9-86g3-8f49"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/9b1c3962172a972bc0359398af6daa3790bb59db"
}
],
"source": {
"advisory": "GHSA-m4j9-86g3-8f49",
"discovery": "UNKNOWN"
},
"title": "Segmentation fault leading to crash in Envoy",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29224",
"STATE": "PUBLIC",
"TITLE": "Segmentation fault leading to crash in Envoy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003c 1.22.1"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can \u201chold\u201d (prevent removal) upstream hosts obtained via service discovery until configured active health checking fails. If an attacker controls an upstream host and also controls service discovery of that host (via DNS, the EDS API, etc.), an attacker can crash Envoy by forcing removal of the host from service discovery, and then failing the gRPC health check request. This will crash Envoy via a null pointer dereference. Users are advised to upgrade to resolve this vulnerability. Users unable to upgrade may disable gRPC health checking and/or replace it with a different health checking type as a mitigation."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-m4j9-86g3-8f49",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-m4j9-86g3-8f49"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/9b1c3962172a972bc0359398af6daa3790bb59db",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/commit/9b1c3962172a972bc0359398af6daa3790bb59db"
}
]
},
"source": {
"advisory": "GHSA-m4j9-86g3-8f49",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-29224",
"datePublished": "2022-06-09T19:10:10.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:17:59.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18802 (GCVE-0-2019-18802)
Vulnerability from cvelistv5
Published
2019-12-13 12:21
Modified
2024-08-05 02:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "example.com " one could bypass "example.com" matchers.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21forum/envoy-users"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.envoyproxy.io"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4"
},
{
"name": "openSUSE-SU-2020:0379",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00034.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat \"header-value \" as a different string from \"header-value\" so for example with the Host header \"example.com \" one could bypass \"example.com\" matchers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-25T15:06:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/forum/#%21forum/envoy-users"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.envoyproxy.io"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4"
},
{
"name": "openSUSE-SU-2020:0379",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00034.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat \"header-value \" as a different string from \"header-value\" so for example with the Host header \"example.com \" one could bypass \"example.com\" matchers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/commits/master",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"name": "https://groups.google.com/forum/#!forum/envoy-users",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!forum/envoy-users"
},
{
"name": "https://blog.envoyproxy.io",
"refsource": "MISC",
"url": "https://blog.envoyproxy.io"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4"
},
{
"name": "openSUSE-SU-2020:0379",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00034.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18802",
"datePublished": "2019-12-13T12:21:26",
"dateReserved": "2019-11-07T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43825 (GCVE-0-2021-43825)
Vulnerability from cvelistv5
Published
2022-02-22 22:45
Modified
2025-04-23 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However when the buffer overflows while response is processed by the filter chain the operation may not be aborted correctly and result in accessing a freed memory block. If this happens Envoy will crash resulting in a denial of service.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: < 1.18.6 Version: >= 1.19.0, < 1.19.3 Version: >= 1.20.0, < 1.20.2 Version: >= 1.21.0, < 1.21.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-43825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:10:09.261197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:01:15.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003c 1.18.6"
},
{
"status": "affected",
"version": "\u003e= 1.19.0, \u003c 1.19.3"
},
{
"status": "affected",
"version": "\u003e= 1.20.0, \u003c 1.20.2"
},
{
"status": "affected",
"version": "\u003e= 1.21.0, \u003c 1.21.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However when the buffer overflows while response is processed by the filter chain the operation may not be aborted correctly and result in accessing a freed memory block. If this happens Envoy will crash resulting in a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-22T22:45:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136"
}
],
"source": {
"advisory": "GHSA-h69p-g6xg-mhhh",
"discovery": "UNKNOWN"
},
"title": "Use-after-free in Envoy",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43825",
"STATE": "PUBLIC",
"TITLE": "Use-after-free in Envoy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003c 1.18.6"
},
{
"version_value": "\u003e= 1.19.0, \u003c 1.19.3"
},
{
"version_value": "\u003e= 1.20.0, \u003c 1.20.2"
},
{
"version_value": "\u003e= 1.21.0, \u003c 1.21.1"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However when the buffer overflows while response is processed by the filter chain the operation may not be aborted correctly and result in accessing a freed memory block. If this happens Envoy will crash resulting in a denial of service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136"
}
]
},
"source": {
"advisory": "GHSA-h69p-g6xg-mhhh",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43825",
"datePublished": "2022-02-22T22:45:12.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:01:15.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44487 (GCVE-0-2023-44487)
Vulnerability from cvelistv5
Published
2023-10-10 00:00
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "http",
"vendor": "ietf",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-44487",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T20:34:21.334116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-10-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:37:14.917Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2023-10-10T00:00:00+00:00",
"value": "CVE-2023-44487 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-19T07:48:04.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"tags": [
"x_transferred"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"tags": [
"x_transferred"
],
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bcdannyboy/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"tags": [
"x_transferred"
],
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000137106"
},
{
"tags": [
"x_transferred"
],
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"tags": [
"x_transferred"
],
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"tags": [
"x_transferred"
],
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/golang/go/issues/63417"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"tags": [
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
},
{
"tags": [
"x_transferred"
],
"url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"tags": [
"x_transferred"
],
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
},
{
"name": "DSA-5522",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"name": "DSA-5521",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"tags": [
"x_transferred"
],
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/line/armeria/pull/5232"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Azure/AKS/issues/3947"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Kong/kong/discussions/11741"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"tags": [
"x_transferred"
],
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
},
{
"name": "FEDORA-2023-ed2642fd58",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"name": "[oss-security] 20231018 Vulnerability in Jenkins",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"name": "FEDORA-2023-54fadada12",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
},
{
"name": "FEDORA-2023-5ff7bf1dd8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
},
{
"name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"name": "FEDORA-2023-17efd3f2cd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
},
{
"name": "FEDORA-2023-d5030c983c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"name": "FEDORA-2023-0259c3f26f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
},
{
"name": "FEDORA-2023-2a9214af5f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
},
{
"name": "FEDORA-2023-e9c04d81c1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"name": "FEDORA-2023-f66fc0f62a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"name": "FEDORA-2023-4d2fd884ea",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"name": "FEDORA-2023-b2c50535cb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
},
{
"name": "FEDORA-2023-fe53e13b5b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"name": "FEDORA-2023-4bf641255e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"name": "DSA-5540",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"name": "FEDORA-2023-1caffb88af",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
},
{
"name": "FEDORA-2023-3f70b8d406",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
},
{
"name": "FEDORA-2023-7b52921cae",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"name": "FEDORA-2023-7934802344",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
},
{
"name": "FEDORA-2023-dbe64661af",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
},
{
"name": "FEDORA-2023-822aab0a5a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"name": "DSA-5549",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"name": "FEDORA-2023-c0c6a91330",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
},
{
"name": "FEDORA-2023-492b7be466",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
},
{
"name": "DSA-5558",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"name": "GLSA-202311-09",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"name": "DSA-5570",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-07T20:05:34.376Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
},
{
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
},
{
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
},
{
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"url": "https://github.com/bcdannyboy/CVE-2023-44487"
},
{
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
},
{
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
},
{
"url": "https://my.f5.com/manage/s/article/K000137106"
},
{
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"name": "[oss-security] 20231010 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/7"
},
{
"name": "[oss-security] 20231010 CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
},
{
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
},
{
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
},
{
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"url": "https://github.com/golang/go/issues/63417"
},
{
"url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
},
{
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
},
{
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
},
{
"url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
},
{
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
},
{
"name": "DSA-5522",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"name": "DSA-5521",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"url": "https://ubuntu.com/security/CVE-2023-44487"
},
{
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
},
{
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"url": "https://github.com/line/armeria/pull/5232"
},
{
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"url": "https://security.paloaltonetworks.com/CVE-2023-44487"
},
{
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"url": "https://github.com/Azure/AKS/issues/3947"
},
{
"url": "https://github.com/Kong/kong/discussions/11741"
},
{
"url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
},
{
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
},
{
"name": "FEDORA-2023-ed2642fd58",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
},
{
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"name": "[oss-security] 20231018 Vulnerability in Jenkins",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"name": "FEDORA-2023-54fadada12",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
},
{
"name": "FEDORA-2023-5ff7bf1dd8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
},
{
"name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"name": "FEDORA-2023-17efd3f2cd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
},
{
"name": "FEDORA-2023-d5030c983c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"name": "FEDORA-2023-0259c3f26f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
},
{
"name": "FEDORA-2023-2a9214af5f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
},
{
"name": "FEDORA-2023-e9c04d81c1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"name": "FEDORA-2023-f66fc0f62a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"name": "FEDORA-2023-4d2fd884ea",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"name": "FEDORA-2023-b2c50535cb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
},
{
"name": "FEDORA-2023-fe53e13b5b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"name": "FEDORA-2023-4bf641255e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"name": "DSA-5540",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"name": "FEDORA-2023-1caffb88af",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
},
{
"name": "FEDORA-2023-3f70b8d406",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
},
{
"name": "FEDORA-2023-7b52921cae",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"name": "FEDORA-2023-7934802344",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
},
{
"name": "FEDORA-2023-dbe64661af",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
},
{
"name": "FEDORA-2023-822aab0a5a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"name": "DSA-5549",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"name": "FEDORA-2023-c0c6a91330",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
},
{
"name": "FEDORA-2023-492b7be466",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
},
{
"name": "DSA-5558",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"name": "GLSA-202311-09",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"name": "DSA-5570",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"url": "https://github.com/grpc/grpc/releases/tag/v1.59.2"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-44487",
"datePublished": "2023-10-10T00:00:00.000Z",
"dateReserved": "2023-09-29T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:37:14.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32777 (GCVE-0-2021-32777)
Vulnerability from cvelistv5
Published
2021-08-24 20:25
Modified
2024-08-03 23:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when ext-authz extension is sending request headers to the external authorization service it must merge multiple value headers according to the HTTP spec. However, only the last header value is sent. This may allow specifically crafted requests to bypass authorization. Attackers may be able to escalate privileges when using ext-authz extension or back end service that uses multiple value headers for authorization. A specifically constructed request may be delivered by an untrusted downstream peer in the presence of ext-authz extension. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to the ext-authz extension to correctly merge multiple request header values, when sending request for authorization.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.19.0, < 1.19.1 Version: >= 1.18.0, < 1.18.4 Version: >= 1.17.0, < 1.17.4 Version: >= 1.16.0, < 1.16.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.19.0, \u003c 1.19.1"
},
{
"status": "affected",
"version": "\u003e= 1.18.0, \u003c 1.18.4"
},
{
"status": "affected",
"version": "\u003e= 1.17.0, \u003c 1.17.4"
},
{
"status": "affected",
"version": "\u003e= 1.16.0, \u003c 1.16.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when ext-authz extension is sending request headers to the external authorization service it must merge multiple value headers according to the HTTP spec. However, only the last header value is sent. This may allow specifically crafted requests to bypass authorization. Attackers may be able to escalate privileges when using ext-authz extension or back end service that uses multiple value headers for authorization. A specifically constructed request may be delivered by an untrusted downstream peer in the presence of ext-authz extension. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to the ext-authz extension to correctly merge multiple request header values, when sending request for authorization."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-551",
"description": "CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-24T20:25:09",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
}
],
"source": {
"advisory": "GHSA-6g4j-5vrw-2m8h",
"discovery": "UNKNOWN"
},
"title": "Incorrect concatenation of multiple value request headers in ext-authz extension",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32777",
"STATE": "PUBLIC",
"TITLE": "Incorrect concatenation of multiple value request headers in ext-authz extension"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.19.0, \u003c 1.19.1"
},
{
"version_value": "\u003e= 1.18.0, \u003c 1.18.4"
},
{
"version_value": "\u003e= 1.17.0, \u003c 1.17.4"
},
{
"version_value": "\u003e= 1.16.0, \u003c 1.16.5"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when ext-authz extension is sending request headers to the external authorization service it must merge multiple value headers according to the HTTP spec. However, only the last header value is sent. This may allow specifically crafted requests to bypass authorization. Attackers may be able to escalate privileges when using ext-authz extension or back end service that uses multiple value headers for authorization. A specifically constructed request may be delivered by an untrusted downstream peer in the presence of ext-authz extension. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to the ext-authz extension to correctly merge multiple request header values, when sending request for authorization."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h"
},
{
"name": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history",
"refsource": "MISC",
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
}
]
},
"source": {
"advisory": "GHSA-6g4j-5vrw-2m8h",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32777",
"datePublished": "2021-08-24T20:25:09",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:55.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35470 (GCVE-0-2020-35470)
Vulnerability from cvelistv5
Published
2020-12-15 00:48
Modified
2024-08-04 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters).
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/issues/14087"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/pull/14131"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-15T00:48:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/issues/14087"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/pull/14131"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/issues/14087",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/issues/14087"
},
{
"name": "https://github.com/envoyproxy/envoy/pull/14131",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/pull/14131"
},
{
"name": "https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35470",
"datePublished": "2020-12-15T00:48:35",
"dateReserved": "2020-12-15T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12604 (GCVE-0-2020-12604)
Vulnerability from cvelistv5
Published
2020-07-01 14:24
Modified
2024-08-04 12:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:21.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-8hf8-8gvw-ggvx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-01T14:24:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-8hf8-8gvw-ggvx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/commits/master",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-8hf8-8gvw-ggvx",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-8hf8-8gvw-ggvx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12604",
"datePublished": "2020-07-01T14:24:49",
"dateReserved": "2020-05-01T00:00:00",
"dateUpdated": "2024-08-04T12:04:21.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29227 (GCVE-0-2022-29227)
Vulnerability from cvelistv5
Published
2022-06-09 19:30
Modified
2025-04-23 18:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request Envoy sends a local reply when the redirect headers are processed, the downstream state indicates that the downstream stream is not complete. On sending the local reply, Envoy will attempt to reset the upstream stream, but as it is actually complete, and deleted, this result in a use-after-free. Users are advised to upgrade. Users unable to upgrade are advised to disable internal redirects if crashes are observed.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: < 1.22.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:54.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-rm2p-qvf6-pvr6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/fe7c69c248f4fe5a9080c7ccb35275b5218bb5ab"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29227",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:54:22.607730Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:17:37.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003c 1.22.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there\u2019s a lifetime bug which can be triggered. If while replaying the request Envoy sends a local reply when the redirect headers are processed, the downstream state indicates that the downstream stream is not complete. On sending the local reply, Envoy will attempt to reset the upstream stream, but as it is actually complete, and deleted, this result in a use-after-free. Users are advised to upgrade. Users unable to upgrade are advised to disable internal redirects if crashes are observed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T19:30:15.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-rm2p-qvf6-pvr6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/fe7c69c248f4fe5a9080c7ccb35275b5218bb5ab"
}
],
"source": {
"advisory": "GHSA-rm2p-qvf6-pvr6",
"discovery": "UNKNOWN"
},
"title": "Use after free in Envoy",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29227",
"STATE": "PUBLIC",
"TITLE": "Use after free in Envoy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003c 1.22.1"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there\u2019s a lifetime bug which can be triggered. If while replaying the request Envoy sends a local reply when the redirect headers are processed, the downstream state indicates that the downstream stream is not complete. On sending the local reply, Envoy will attempt to reset the upstream stream, but as it is actually complete, and deleted, this result in a use-after-free. Users are advised to upgrade. Users unable to upgrade are advised to disable internal redirects if crashes are observed."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-rm2p-qvf6-pvr6",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-rm2p-qvf6-pvr6"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/fe7c69c248f4fe5a9080c7ccb35275b5218bb5ab",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/commit/fe7c69c248f4fe5a9080c7ccb35275b5218bb5ab"
}
]
},
"source": {
"advisory": "GHSA-rm2p-qvf6-pvr6",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-29227",
"datePublished": "2022-06-09T19:30:15.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:17:37.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34363 (GCVE-0-2024-34363)
Vulnerability from cvelistv5
Published
2024-06-04 20:59
Modified
2024-08-02 02:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-248 - Uncaught Exception
Summary
Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.30.0, <= 11.30.1 Version: >= 1.29.0, <= 1.29.4 Version: >= 1.28.0, <= 1.28.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34363",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T17:23:29.795163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T17:23:47.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:51:11.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-g979-ph9j-5gg4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-g979-ph9j-5gg4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.30.0, \u003c= 11.30.1"
},
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c= 1.29.4"
},
{
"status": "affected",
"version": "\u003e= 1.28.0, \u003c= 1.28.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T20:59:52.773Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-g979-ph9j-5gg4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-g979-ph9j-5gg4"
}
],
"source": {
"advisory": "GHSA-g979-ph9j-5gg4",
"discovery": "UNKNOWN"
},
"title": "Envoy can crash due to uncaught nlohmann JSON exception"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-34363",
"datePublished": "2024-06-04T20:59:52.773Z",
"dateReserved": "2024-05-02T06:36:32.439Z",
"dateUpdated": "2024-08-02T02:51:11.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32781 (GCVE-0-2021-32781)
Vulnerability from cvelistv5
Published
2021-08-24 20:50
Modified
2024-08-03 23:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the internal buffer overflow while request or response is processed by the filter chain the operation may not be stopped completely and result in accessing a freed memory block. A specifically constructed request delivered by an untrusted downstream or upstream peer in the presence of extensions that modify and increase the size of request or response bodies resulting in a Denial of Service when using extensions that modify and increase the size of request or response bodies, such as decompressor filter. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to address incomplete termination of request processing after locally generated response. As a workaround disable Envoy's decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies, if feasible.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.19.0, < 1.19.1 Version: >= 1.18.0, < 1.18.4 Version: >= 1.17.0, < 1.17.4 Version: >= 1.16.0, < 1.16.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5vhv-gp9v-42qv"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.19.0, \u003c 1.19.1"
},
{
"status": "affected",
"version": "\u003e= 1.18.0, \u003c 1.18.4"
},
{
"status": "affected",
"version": "\u003e= 1.17.0, \u003c 1.17.4"
},
{
"status": "affected",
"version": "\u003e= 1.16.0, \u003c 1.16.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the internal buffer overflow while request or response is processed by the filter chain the operation may not be stopped completely and result in accessing a freed memory block. A specifically constructed request delivered by an untrusted downstream or upstream peer in the presence of extensions that modify and increase the size of request or response bodies resulting in a Denial of Service when using extensions that modify and increase the size of request or response bodies, such as decompressor filter. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to address incomplete termination of request processing after locally generated response. As a workaround disable Envoy\u0027s decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies, if feasible."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-24T20:50:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5vhv-gp9v-42qv"
}
],
"source": {
"advisory": "GHSA-5vhv-gp9v-42qv",
"discovery": "UNKNOWN"
},
"title": "Continued processing of requests after locally generated response",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32781",
"STATE": "PUBLIC",
"TITLE": "Continued processing of requests after locally generated response"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.19.0, \u003c 1.19.1"
},
{
"version_value": "\u003e= 1.18.0, \u003c 1.18.4"
},
{
"version_value": "\u003e= 1.17.0, \u003c 1.17.4"
},
{
"version_value": "\u003e= 1.16.0, \u003c 1.16.5"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the internal buffer overflow while request or response is processed by the filter chain the operation may not be stopped completely and result in accessing a freed memory block. A specifically constructed request delivered by an untrusted downstream or upstream peer in the presence of extensions that modify and increase the size of request or response bodies resulting in a Denial of Service when using extensions that modify and increase the size of request or response bodies, such as decompressor filter. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to address incomplete termination of request processing after locally generated response. As a workaround disable Envoy\u0027s decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies, if feasible."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history",
"refsource": "MISC",
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5vhv-gp9v-42qv",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5vhv-gp9v-42qv"
}
]
},
"source": {
"advisory": "GHSA-5vhv-gp9v-42qv",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32781",
"datePublished": "2021-08-24T20:50:10",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:55.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46821 (GCVE-0-2025-46821)
Vulnerability from cvelistv5
Published
2025-05-07 21:24
Modified
2025-05-08 14:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-186 - Overly Restrictive Regular Expression
Summary
Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the `*` character from a set of valid characters in the URI path. As a result URI path containing the `*` character will not match a URI template expressions. This can result in bypass of RBAC rules when configured using the `uri_template` permissions. This vulnerability is fixed in Envoy versions v1.34.1, v1.33.3, v1.32.6, v1.31.8. As a workaround, configure additional RBAC permissions using `url_path` with `safe_regex` expression.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: < 1.31.8 Version: >= 1.32.0, < 1.32.6 Version: >= 1.33.0, < 1.33.3 Version: >= 1.34.0, < 1.34.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46821",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T13:43:52.581427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T14:11:13.676Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003c 1.31.8"
},
{
"status": "affected",
"version": "\u003e= 1.32.0, \u003c 1.32.6"
},
{
"status": "affected",
"version": "\u003e= 1.33.0, \u003c 1.33.3"
},
{
"status": "affected",
"version": "\u003e= 1.34.0, \u003c 1.34.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy\u0027s URI template matcher incorrectly excludes the `*` character from a set of valid characters in the URI path. As a result URI path containing the `*` character will not match a URI template expressions. This can result in bypass of RBAC rules when configured using the `uri_template` permissions. This vulnerability is fixed in Envoy versions v1.34.1, v1.33.3, v1.32.6, v1.31.8. As a workaround, configure additional RBAC permissions using `url_path` with `safe_regex` expression."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-186",
"description": "CWE-186: Overly Restrictive Regular Expression",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T21:24:07.891Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-c7cm-838g-6g67",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-c7cm-838g-6g67"
}
],
"source": {
"advisory": "GHSA-c7cm-838g-6g67",
"discovery": "UNKNOWN"
},
"title": "Envoy vulnerable to bypass of RBAC uri_template permission"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-46821",
"datePublished": "2025-05-07T21:24:07.891Z",
"dateReserved": "2025-04-30T19:41:58.134Z",
"dateUpdated": "2025-05-08T14:11:13.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32779 (GCVE-0-2021-32779)
Vulnerability from cvelistv5
Published
2021-08-24 20:45
Modified
2024-08-03 23:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI '#fragment' element as part of the path element. Envoy is configured with an RBAC filter for authorization or similar mechanism with an explicit case of a final "/admin" path element, or is using a negative assertion with final path element of "/admin". The client sends request to "/app1/admin#foo". In Envoy prior to 1.18.0, or 1.18.0+ configured with path_normalization=false. Envoy treats fragment as a suffix of the query string when present, or as a suffix of the path when query string is absent, so it evaluates the final path element as "/admin#foo" and mismatches with the configured "/admin" path element. In Envoy 1.18.0+ configured with path_normalization=true. Envoy transforms this to /app1/admin%23foo and mismatches with the configured /admin prefix. The resulting URI is sent to the next server-agent with the offending "#foo" fragment which violates RFC3986 or with the nonsensical "%23foo" text appended. A specifically constructed request with URI containing '#fragment' element delivered by an untrusted client in the presence of path based request authorization resulting in escalation of Privileges when path based request authorization extensions. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes that removes fragment from URI path in incoming requests.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.19.0, < 1.19.1 Version: >= 1.18.0, < 1.18.4 Version: >= 1.17.0, < 1.17.4 Version: >= 1.16.0, < 1.16.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.19.0, \u003c 1.19.1"
},
{
"status": "affected",
"version": "\u003e= 1.18.0, \u003c 1.18.4"
},
{
"status": "affected",
"version": "\u003e= 1.17.0, \u003c 1.17.4"
},
{
"status": "affected",
"version": "\u003e= 1.16.0, \u003c 1.16.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI \u0027#fragment\u0027 element as part of the path element. Envoy is configured with an RBAC filter for authorization or similar mechanism with an explicit case of a final \"/admin\" path element, or is using a negative assertion with final path element of \"/admin\". The client sends request to \"/app1/admin#foo\". In Envoy prior to 1.18.0, or 1.18.0+ configured with path_normalization=false. Envoy treats fragment as a suffix of the query string when present, or as a suffix of the path when query string is absent, so it evaluates the final path element as \"/admin#foo\" and mismatches with the configured \"/admin\" path element. In Envoy 1.18.0+ configured with path_normalization=true. Envoy transforms this to /app1/admin%23foo and mismatches with the configured /admin prefix. The resulting URI is sent to the next server-agent with the offending \"#foo\" fragment which violates RFC3986 or with the nonsensical \"%23foo\" text appended. A specifically constructed request with URI containing \u0027#fragment\u0027 element delivered by an untrusted client in the presence of path based request authorization resulting in escalation of Privileges when path based request authorization extensions. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes that removes fragment from URI path in incoming requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-551",
"description": "CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-24T20:45:09",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9"
}
],
"source": {
"advisory": "GHSA-r222-74fw-jqr9",
"discovery": "UNKNOWN"
},
"title": "Incorrectly handling of URI \u0027#fragment\u0027 element as part of the path element",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32779",
"STATE": "PUBLIC",
"TITLE": "Incorrectly handling of URI \u0027#fragment\u0027 element as part of the path element"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.19.0, \u003c 1.19.1"
},
{
"version_value": "\u003e= 1.18.0, \u003c 1.18.4"
},
{
"version_value": "\u003e= 1.17.0, \u003c 1.17.4"
},
{
"version_value": "\u003e= 1.16.0, \u003c 1.16.5"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI \u0027#fragment\u0027 element as part of the path element. Envoy is configured with an RBAC filter for authorization or similar mechanism with an explicit case of a final \"/admin\" path element, or is using a negative assertion with final path element of \"/admin\". The client sends request to \"/app1/admin#foo\". In Envoy prior to 1.18.0, or 1.18.0+ configured with path_normalization=false. Envoy treats fragment as a suffix of the query string when present, or as a suffix of the path when query string is absent, so it evaluates the final path element as \"/admin#foo\" and mismatches with the configured \"/admin\" path element. In Envoy 1.18.0+ configured with path_normalization=true. Envoy transforms this to /app1/admin%23foo and mismatches with the configured /admin prefix. The resulting URI is sent to the next server-agent with the offending \"#foo\" fragment which violates RFC3986 or with the nonsensical \"%23foo\" text appended. A specifically constructed request with URI containing \u0027#fragment\u0027 element delivered by an untrusted client in the presence of path based request authorization resulting in escalation of Privileges when path based request authorization extensions. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes that removes fragment from URI path in incoming requests."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history",
"refsource": "MISC",
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9"
}
]
},
"source": {
"advisory": "GHSA-r222-74fw-jqr9",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32779",
"datePublished": "2021-08-24T20:45:09",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:55.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9900 (GCVE-0-2019-9900)
Vulnerability from cvelistv5
Published
2019-04-25 14:55
Modified
2024-08-04 22:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to unauthorized resources.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:01:55.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2019:0741",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0741"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/issues/6434"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/envoy-announce/VoHfnDqZiAM"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x74r-f4mw-c32h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to unauthorized resources."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:L/C:L/I:L/PR:N/S:C/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-12T13:27:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2019:0741",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0741"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/issues/6434"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21topic/envoy-announce/VoHfnDqZiAM"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x74r-f4mw-c32h"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to unauthorized resources."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:L/C:L/I:L/PR:N/S:C/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2019:0741",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0741"
},
{
"name": "https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history",
"refsource": "CONFIRM",
"url": "https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history"
},
{
"name": "https://github.com/envoyproxy/envoy/issues/6434",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/issues/6434"
},
{
"name": "https://groups.google.com/forum/#!topic/envoy-announce/VoHfnDqZiAM",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/envoy-announce/VoHfnDqZiAM"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x74r-f4mw-c32h",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x74r-f4mw-c32h"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9900",
"datePublished": "2019-04-25T14:55:57",
"dateReserved": "2019-03-21T00:00:00",
"dateUpdated": "2024-08-04T22:01:55.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34362 (GCVE-0-2024-34362)
Vulnerability from cvelistv5
Published
2024-06-04 20:59
Modified
2024-08-19 15:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in `HttpConnectionManager` (HCM) with `EnvoyQuicServerStream` that can crash Envoy. An attacker can exploit this vulnerability by sending a request without `FIN`, then a `RESET_STREAM` frame, and then after receiving the response, closing the connection.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.30.0, <= 11.30.1 Version: >= 1.29.0, <= 1.29.4 Version: >= 1.28.0, <= 1.28.3 Version: <= 1.27.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:51:10.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-hww5-43gv-35jv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-hww5-43gv-35jv"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"lessThan": "1.27.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "1.28.4",
"status": "affected",
"version": "1.28.0",
"versionType": "custom"
},
{
"lessThan": "1.29.5",
"status": "affected",
"version": "1.29.0",
"versionType": "custom"
},
{
"lessThan": "1.30.2",
"status": "affected",
"version": "1.30.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34362",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T15:26:24.663947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T15:35:54.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.30.0, \u003c= 11.30.1"
},
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c= 1.29.4"
},
{
"status": "affected",
"version": "\u003e= 1.28.0, \u003c= 1.28.3"
},
{
"status": "affected",
"version": "\u003c= 1.27.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in `HttpConnectionManager` (HCM) with `EnvoyQuicServerStream` that can crash Envoy. An attacker can exploit this vulnerability by sending a request without `FIN`, then a `RESET_STREAM` frame, and then after receiving the response, closing the connection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T20:59:56.390Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-hww5-43gv-35jv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-hww5-43gv-35jv"
}
],
"source": {
"advisory": "GHSA-hww5-43gv-35jv",
"discovery": "UNKNOWN"
},
"title": "Envoy affected by a crash (use-after-free) in EnvoyQuicServerStream"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-34362",
"datePublished": "2024-06-04T20:59:56.390Z",
"dateReserved": "2024-05-02T06:36:32.439Z",
"dateUpdated": "2024-08-19T15:35:54.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39162 (GCVE-0-2021-39162)
Vulnerability from cvelistv5
Published
2021-09-09 22:05
Modified
2024-08-04 01:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted *upstream* servers. 0.15.1 contains an upgraded envoy binary with this vulnerability patched. If only trusted upstreams are configured, there is not substantial risk of this condition being triggered.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:18.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-gjcg-vrxg-xmgv"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pomerium",
"vendor": "pomerium",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.15.0, \u003c 0.15.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted *upstream* servers. 0.15.1 contains an upgraded envoy binary with this vulnerability patched. If only trusted upstreams are configured, there is not substantial risk of this condition being triggered."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-09T22:05:11",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-gjcg-vrxg-xmgv"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8"
}
],
"source": {
"advisory": "GHSA-gjcg-vrxg-xmgv",
"discovery": "UNKNOWN"
},
"title": "Incorrect handling of H2 GOAWAY + SETTINGS frames",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-39162",
"STATE": "PUBLIC",
"TITLE": "Incorrect handling of H2 GOAWAY + SETTINGS frames"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pomerium",
"version": {
"version_data": [
{
"version_value": "\u003e= 0.15.0, \u003c 0.15.1"
}
]
}
}
]
},
"vendor_name": "pomerium"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted *upstream* servers. 0.15.1 contains an upgraded envoy binary with this vulnerability patched. If only trusted upstreams are configured, there is not substantial risk of this condition being triggered."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ",
"refsource": "MISC",
"url": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ"
},
{
"name": "https://github.com/pomerium/pomerium/security/advisories/GHSA-gjcg-vrxg-xmgv",
"refsource": "CONFIRM",
"url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-gjcg-vrxg-xmgv"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8"
}
]
},
"source": {
"advisory": "GHSA-gjcg-vrxg-xmgv",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-39162",
"datePublished": "2021-09-09T22:05:11",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-08-04T01:58:18.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9901 (GCVE-0-2019-9901)
Vulnerability from cvelistv5
Published
2019-04-25 15:31
Modified
2024-08-04 22:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:01:55.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/issues/6435"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/envoy-announce/VoHfnDqZiAM"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcx5-93pw-jw2w"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:L/C:L/I:L/PR:N/S:C/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-12T13:40:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/issues/6435"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21topic/envoy-announce/VoHfnDqZiAM"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcx5-93pw-jw2w"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:L/C:L/I:L/PR:N/S:C/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history",
"refsource": "CONFIRM",
"url": "https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history"
},
{
"name": "https://github.com/envoyproxy/envoy/issues/6435",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/issues/6435"
},
{
"name": "https://groups.google.com/forum/#!topic/envoy-announce/VoHfnDqZiAM",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/envoy-announce/VoHfnDqZiAM"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcx5-93pw-jw2w",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcx5-93pw-jw2w"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9901",
"datePublished": "2019-04-25T15:31:19",
"dateReserved": "2019-03-21T00:00:00",
"dateUpdated": "2024-08-04T22:01:55.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23322 (GCVE-0-2024-23322)
Vulnerability from cvelistv5
Published
2024-02-09 22:51
Modified
2024-08-01 22:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.29.0, < 1.29.1 Version: >= 1.28.0, < 1.28.1 Version: >= 1.27.0, < 1.27.3 Version: < 1.26.7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-12T19:07:29.878703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:20:52.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/843f9e6a123ed47ce139b421c14e7126f2ac685e",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/843f9e6a123ed47ce139b421c14e7126f2ac685e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c 1.29.1"
},
{
"status": "affected",
"version": "\u003e= 1.28.0, \u003c 1.28.1"
},
{
"status": "affected",
"version": "\u003e= 1.27.0, \u003c 1.27.3"
},
{
"status": "affected",
"version": "\u003c 1.26.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-09T22:51:53.539Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/843f9e6a123ed47ce139b421c14e7126f2ac685e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/843f9e6a123ed47ce139b421c14e7126f2ac685e"
}
],
"source": {
"advisory": "GHSA-6p83-mfmh-qv38",
"discovery": "UNKNOWN"
},
"title": "Envoy crashes when idle and request per try timeout occur within the backoff interval"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23322",
"datePublished": "2024-02-09T22:51:53.539Z",
"dateReserved": "2024-01-15T15:19:19.438Z",
"dateUpdated": "2024-08-01T22:59:32.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28682 (GCVE-0-2021-28682)
Vulnerability from cvelistv5
Published
2021-05-20 16:15
Modified
2024-08-03 21:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.envoyproxy.io"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/blob/15e3b9dbcc9aaa9d391fa8033904aad1ea1ae70d/api/envoy/api/v2/cluster.proto#L36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T16:15:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.envoyproxy.io"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/blob/15e3b9dbcc9aaa9d391fa8033904aad1ea1ae70d/api/envoy/api/v2/cluster.proto#L36"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/releases",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/releases"
},
{
"name": "https://blog.envoyproxy.io",
"refsource": "MISC",
"url": "https://blog.envoyproxy.io"
},
{
"name": "https://github.com/envoyproxy/envoy/blob/15e3b9dbcc9aaa9d391fa8033904aad1ea1ae70d/api/envoy/api/v2/cluster.proto#L36",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/blob/15e3b9dbcc9aaa9d391fa8033904aad1ea1ae70d/api/envoy/api/v2/cluster.proto#L36"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28682",
"datePublished": "2021-05-20T16:15:20",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-08-03T21:47:32.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53269 (GCVE-0-2024-53269)
Vulnerability from cvelistv5
Published
2024-12-18 19:12
Modified
2024-12-18 21:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-670 - Always-Incorrect Control Flow Implementation
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP configuration.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.32.0, < 1.32.2 Version: >= 1.31.0, < 1.31.4 Version: >= 1.30.0, < 1.30.8 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53269",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-18T21:35:53.383332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T21:36:18.888Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-mfqp-7mmj-rm53"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.32.0, \u003c 1.32.2"
},
{
"status": "affected",
"version": "\u003e= 1.31.0, \u003c 1.31.4"
},
{
"status": "affected",
"version": "\u003e= 1.30.0, \u003c 1.30.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670: Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T19:12:17.033Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-mfqp-7mmj-rm53",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-mfqp-7mmj-rm53"
},
{
"name": "https://github.com/envoyproxy/envoy/pull/37743/commits/3f62168d86aceb90f743f63b50cc711710b1c401",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/pull/37743/commits/3f62168d86aceb90f743f63b50cc711710b1c401"
}
],
"source": {
"advisory": "GHSA-mfqp-7mmj-rm53",
"discovery": "UNKNOWN"
},
"title": "Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting in envoy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-53269",
"datePublished": "2024-12-18T19:12:17.033Z",
"dateReserved": "2024-11-19T20:08:14.482Z",
"dateUpdated": "2024-12-18T21:36:18.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27919 (GCVE-0-2024-27919)
Vulnerability from cvelistv5
Published
2024-04-04 14:30
Modified
2025-02-13 17:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-390 - Detection of Error Condition Without Action
Summary
Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an attacker to send an sequence of CONTINUATION frames without the END_HEADERS bit set causing unlimited memory consumption. This can lead to denial of service through memory exhaustion. Users should upgrade to versions 1.29.2 to mitigate the effects of the CONTINUATION flood. Note that this vulnerability is a regression in Envoy version 1.29.0 and 1.29.1 only. As a workaround, downgrade to version 1.28.1 or earlier or disable HTTP/2 protocol for downstream connections.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.29.0, < 1.29.2 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:1.29.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"lessThan": "1.29.2",
"status": "affected",
"version": "1.29.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T00:03:09.545061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T00:04:41.158Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:41:55.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/57a02565532c18eb9df972a3e8974be3ae59f2d5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/57a02565532c18eb9df972a3e8974be3ae59f2d5"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/05/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c 1.29.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy\u0027s HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an attacker to send an sequence of CONTINUATION frames without the END_HEADERS bit set causing unlimited memory consumption. This can lead to denial of service through memory exhaustion. Users should upgrade to versions 1.29.2 to mitigate the effects of the CONTINUATION flood. Note that this vulnerability is a regression in Envoy version 1.29.0 and 1.29.1 only. As a workaround, downgrade to version 1.28.1 or earlier or disable HTTP/2 protocol for downstream connections."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-390",
"description": "CWE-390: Detection of Error Condition Without Action",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T18:07:45.997Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/57a02565532c18eb9df972a3e8974be3ae59f2d5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/57a02565532c18eb9df972a3e8974be3ae59f2d5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/05/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
}
],
"source": {
"advisory": "GHSA-gghf-vfxp-799r",
"discovery": "UNKNOWN"
},
"title": "HTTP/2: memory exhaustion due to CONTINUATION frame flood"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-27919",
"datePublished": "2024-04-04T14:30:11.144Z",
"dateReserved": "2024-02-28T15:14:14.214Z",
"dateUpdated": "2025-02-13T17:47:14.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18801 (GCVE-0-2019-18801)
Vulnerability from cvelistv5
Published
2019-12-13 12:20
Modified
2024-08-05 02:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used to bypass Envoy's access control mechanisms such as path based routing. An attacker can also modify requests from other users that happen to be proximal temporally and spatially.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21forum/envoy-users"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.envoyproxy.io"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gxvv-x4p2-rppp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4222"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used to bypass Envoy\u0027s access control mechanisms such as path based routing. An attacker can also modify requests from other users that happen to be proximal temporally and spatially."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-13T12:20:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/forum/#%21forum/envoy-users"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.envoyproxy.io"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gxvv-x4p2-rppp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4222"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used to bypass Envoy\u0027s access control mechanisms such as path based routing. An attacker can also modify requests from other users that happen to be proximal temporally and spatially."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/commits/master",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"name": "https://groups.google.com/forum/#!forum/envoy-users",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!forum/envoy-users"
},
{
"name": "https://blog.envoyproxy.io",
"refsource": "MISC",
"url": "https://blog.envoyproxy.io"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gxvv-x4p2-rppp",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gxvv-x4p2-rppp"
},
{
"name": "https://access.redhat.com/errata/RHSA-2019:4222",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2019:4222"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18801",
"datePublished": "2019-12-13T12:20:00",
"dateReserved": "2019-11-07T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27493 (GCVE-0-2023-27493)
Vulnerability from cvelistv5
Published
2023-04-04 19:46
Modified
2025-02-11 16:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal in header values to be sent to the upstream service. In the worst case, it can cause upstream service to interpret the original request as two pipelined requests, possibly bypassing the intent of Envoy’s security policy. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. As a workaround, disable adding request headers based on the downstream request properties, such as downstream certificate properties.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.25.0, < 1.25.3 Version: >= 1.24.0, < 1.24.4 Version: >= 1.23.0, < 1.23.6 Version: < 1.22.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27493",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T16:12:56.352188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T16:13:04.617Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.25.0, \u003c 1.25.3"
},
{
"status": "affected",
"version": "\u003e= 1.24.0, \u003c 1.24.4"
},
{
"status": "affected",
"version": "\u003e= 1.23.0, \u003c 1.23.6"
},
{
"status": "affected",
"version": "\u003c 1.22.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal in header values to be sent to the upstream service. In the worst case, it can cause upstream service to interpret the original request as two pipelined requests, possibly bypassing the intent of Envoy\u2019s security policy. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. As a workaround, disable adding request headers based on the downstream request properties, such as downstream certificate properties."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-04T19:46:57.044Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q"
}
],
"source": {
"advisory": "GHSA-w5w5-487h-qv8q",
"discovery": "UNKNOWN"
},
"title": "Envoy doesn\u0027t escape HTTP header values"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-27493",
"datePublished": "2023-04-04T19:46:57.044Z",
"dateReserved": "2023-03-01T19:03:56.634Z",
"dateUpdated": "2025-02-11T16:13:04.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15104 (GCVE-0-2020-15104)
Vulnerability from cvelistv5
Published
2020-07-14 22:05
Modified
2024-08-04 13:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-346 - Origin Validation Error
Summary
In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. For example, with a SAN of *.example.com, Envoy would incorrectly allow nested.subdomain.example.com, when it should only allow subdomain.example.com. This defect applies to both validating a client TLS certificate in mTLS, and validating a server TLS certificate for upstream connections. This vulnerability is only applicable to situations where an untrusted entity can obtain a signed wildcard TLS certificate for a domain of which you only intend to trust a subdomain of. For example, if you intend to trust api.mysubdomain.example.com, and an untrusted actor can obtain a signed TLS certificate for *.example.com or *.com. Configurations are vulnerable if they use verify_subject_alt_name in any Envoy version, or if they use match_subject_alt_names in version 1.14 or later. This issue has been fixed in Envoy versions 1.12.6, 1.13.4, 1.14.4, 1.15.0.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: < 1.12.6 Version: >= 1.13.0, < 1.13.4 Version: >= 1.14.0, < 1.14.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5f5-6qhq-hhrg"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003c 1.12.6"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.13.4"
},
{
"status": "affected",
"version": "\u003e= 1.14.0, \u003c 1.14.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. For example, with a SAN of *.example.com, Envoy would incorrectly allow nested.subdomain.example.com, when it should only allow subdomain.example.com. This defect applies to both validating a client TLS certificate in mTLS, and validating a server TLS certificate for upstream connections. This vulnerability is only applicable to situations where an untrusted entity can obtain a signed wildcard TLS certificate for a domain of which you only intend to trust a subdomain of. For example, if you intend to trust api.mysubdomain.example.com, and an untrusted actor can obtain a signed TLS certificate for *.example.com or *.com. Configurations are vulnerable if they use verify_subject_alt_name in any Envoy version, or if they use match_subject_alt_names in version 1.14 or later. This issue has been fixed in Envoy versions 1.12.6, 1.13.4, 1.14.4, 1.15.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T22:05:14",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5f5-6qhq-hhrg"
}
],
"source": {
"advisory": "GHSA-w5f5-6qhq-hhrg",
"discovery": "UNKNOWN"
},
"title": "TLS Validation Vulnerability in Envoy",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15104",
"STATE": "PUBLIC",
"TITLE": "TLS Validation Vulnerability in Envoy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003c 1.12.6"
},
{
"version_value": "\u003e= 1.13.0, \u003c 1.13.4"
},
{
"version_value": "\u003e= 1.14.0, \u003c 1.14.4"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. For example, with a SAN of *.example.com, Envoy would incorrectly allow nested.subdomain.example.com, when it should only allow subdomain.example.com. This defect applies to both validating a client TLS certificate in mTLS, and validating a server TLS certificate for upstream connections. This vulnerability is only applicable to situations where an untrusted entity can obtain a signed wildcard TLS certificate for a domain of which you only intend to trust a subdomain of. For example, if you intend to trust api.mysubdomain.example.com, and an untrusted actor can obtain a signed TLS certificate for *.example.com or *.com. Configurations are vulnerable if they use verify_subject_alt_name in any Envoy version, or if they use match_subject_alt_names in version 1.14 or later. This issue has been fixed in Envoy versions 1.12.6, 1.13.4, 1.14.4, 1.15.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-346: Origin Validation Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5f5-6qhq-hhrg",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5f5-6qhq-hhrg"
}
]
},
"source": {
"advisory": "GHSA-w5f5-6qhq-hhrg",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15104",
"datePublished": "2020-07-14T22:05:14",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:08:22.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32974 (GCVE-0-2024-32974)
Vulnerability from cvelistv5
Published
2024-06-04 21:00
Modified
2024-08-02 02:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after `StopReading()` being called on the stream. As after `StopReading()`, the HCM's `ActiveStream` might have already be destroyed and any up calls from QUICHE could potentially cause use after free.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.30.0, <= 11.30.1 Version: >= 1.29.0, <= 1.29.4 Version: >= 1.28.0, <= 1.28.3 Version: <= 1.27.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32974",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T18:30:05.375686Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T18:30:25.520Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:27:53.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.30.0, \u003c= 11.30.1"
},
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c= 1.29.4"
},
{
"status": "affected",
"version": "\u003e= 1.28.0, \u003c= 1.28.3"
},
{
"status": "affected",
"version": "\u003c= 1.27.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after `StopReading()` being called on the stream. As after `StopReading()`, the HCM\u0027s `ActiveStream` might have already be destroyed and any up calls from QUICHE could potentially cause use after free. \n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T21:00:07.788Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299"
}
],
"source": {
"advisory": "GHSA-mgxp-7hhp-8299",
"discovery": "UNKNOWN"
},
"title": "Envoy affected by a crash in EnvoyQuicServerStream::OnInitialHeadersComplete()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-32974",
"datePublished": "2024-06-04T21:00:07.788Z",
"dateReserved": "2024-04-22T15:14:59.166Z",
"dateUpdated": "2024-08-02T02:27:53.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28683 (GCVE-0-2021-28683)
Vulnerability from cvelistv5
Published
2021-05-20 16:34
Modified
2024-08-03 21:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:33.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.envoyproxy.io"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-r22g-5f3x-xjgg"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-20T16:34:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.envoyproxy.io"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-r22g-5f3x-xjgg"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/releases",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/releases"
},
{
"name": "https://blog.envoyproxy.io",
"refsource": "MISC",
"url": "https://blog.envoyproxy.io"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-r22g-5f3x-xjgg",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-r22g-5f3x-xjgg"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28683",
"datePublished": "2021-05-20T16:34:19",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-08-03T21:47:33.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23323 (GCVE-0-2024-23323)
Vulnerability from cvelistv5
Published
2024-02-09 22:50
Modified
2024-08-01 22:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.29.0, < 1.29.1 Version: >= 1.28.0, < 1.28.1 Version: >= 1.27.0, < 1.27.3 Version: < 1.26.7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23323",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-12T16:42:03.639531Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:20:51.446Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c 1.29.1"
},
{
"status": "affected",
"version": "\u003e= 1.28.0, \u003c 1.28.1"
},
{
"status": "affected",
"version": "\u003e= 1.27.0, \u003c 1.27.3"
},
{
"status": "affected",
"version": "\u003c 1.26.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1176",
"description": "CWE-1176: Inefficient CPU Computation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-09T22:50:18.938Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645"
}
],
"source": {
"advisory": "GHSA-x278-4w4x-r7ch",
"discovery": "UNKNOWN"
},
"title": "Excessive CPU usage when URI template matcher is configured using regex in Envoy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23323",
"datePublished": "2024-02-09T22:50:18.938Z",
"dateReserved": "2024-01-15T15:19:19.439Z",
"dateUpdated": "2024-08-01T22:59:32.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29226 (GCVE-0-2022-29226)
Vulnerability from cvelistv5
Published
2022-06-09 19:25
Modified
2025-04-23 18:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be triggered. However, the current implementation assumes that access tokens are always validated thus allowing access in the presence of any access token attached to the request. Users are advised to upgrade. There is no known workaround for this issue.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: < 1.22.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:54.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h45c-2f94-prxh"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29226",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:49:18.243210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:17:43.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003c 1.22.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be triggered. However, the current implementation assumes that access tokens are always validated thus allowing access in the presence of any access token attached to the request. Users are advised to upgrade. There is no known workaround for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T19:25:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h45c-2f94-prxh"
}
],
"source": {
"advisory": "GHSA-h45c-2f94-prxh",
"discovery": "UNKNOWN"
},
"title": "Trivial authentication bypass in Envoy",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29226",
"STATE": "PUBLIC",
"TITLE": "Trivial authentication bypass in Envoy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003c 1.22.1"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be triggered. However, the current implementation assumes that access tokens are always validated thus allowing access in the presence of any access token attached to the request. Users are advised to upgrade. There is no known workaround for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h45c-2f94-prxh",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h45c-2f94-prxh"
}
]
},
"source": {
"advisory": "GHSA-h45c-2f94-prxh",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-29226",
"datePublished": "2022-06-09T19:25:11.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:17:43.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15225 (GCVE-0-2019-15225)
Vulnerability from cvelistv5
Published
2019-08-19 22:57
Modified
2024-08-05 00:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to CVE-2019-14993.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:42:01.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/issues/7728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to CVE-2019-14993."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-19T22:57:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/issues/7728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to CVE-2019-14993."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/issues/7728",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/issues/7728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15225",
"datePublished": "2019-08-19T22:57:58",
"dateReserved": "2019-08-19T00:00:00",
"dateUpdated": "2024-08-05T00:42:01.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34364 (GCVE-0-2024-34364)
Vulnerability from cvelistv5
Published
2024-06-04 20:59
Modified
2024-08-02 02:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.30.0, <= 11.30.1 Version: >= 1.29.0, <= 1.29.4 Version: >= 1.28.0, <= 1.28.3 Version: <= 1.27.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34364",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T18:21:15.473753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T18:21:22.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:51:10.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.30.0, \u003c= 11.30.1"
},
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c= 1.29.4"
},
{
"status": "affected",
"version": "\u003e= 1.28.0, \u003c= 1.28.3"
},
{
"status": "affected",
"version": "\u003c= 1.27.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T20:59:48.968Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26"
}
],
"source": {
"advisory": "GHSA-xcj3-h7vf-fw26",
"discovery": "UNKNOWN"
},
"title": "Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-34364",
"datePublished": "2024-06-04T20:59:48.968Z",
"dateReserved": "2024-05-02T06:36:32.439Z",
"dateUpdated": "2024-08-02T02:51:10.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12603 (GCVE-0-2020-12603)
Vulnerability from cvelistv5
Published
2020-07-01 13:53
Modified
2024-08-04 12:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:21.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy-setec/issues/80"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-pc38-4q6c-85p6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-01T13:53:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy-setec/issues/80"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-pc38-4q6c-85p6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy-setec/issues/80",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy-setec/issues/80"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-pc38-4q6c-85p6",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-pc38-4q6c-85p6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12603",
"datePublished": "2020-07-01T13:53:19",
"dateReserved": "2020-05-01T00:00:00",
"dateUpdated": "2024-08-04T12:04:21.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27496 (GCVE-0-2023-27496)
Vulnerability from cvelistv5
Published
2023-04-04 19:48
Modified
2025-02-10 21:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a `state` query param is present on any response that looks like an OAuth redirect response. Sending it a request with the URI path equivalent to the redirect path, without the `state` parameter, will lead to abnormal termination of Envoy process. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. The issue can also be mitigated by locking down OAuth traffic, disabling the filter, or by filtering traffic before it reaches the OAuth filter (e.g. via a lua script).
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.25.0, < 1.25.3 Version: >= 1.24.0, < 1.24.4 Version: >= 1.23.0, < 1.23.6 Version: < 1.22.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T21:34:11.044829Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T21:34:14.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.25.0, \u003c 1.25.3"
},
{
"status": "affected",
"version": "\u003e= 1.24.0, \u003c 1.24.4"
},
{
"status": "affected",
"version": "\u003e= 1.23.0, \u003c 1.23.6"
},
{
"status": "affected",
"version": "\u003c 1.22.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a `state` query param is present on any response that looks like an OAuth redirect response. Sending it a request with the URI path equivalent to the redirect path, without the `state` parameter, will lead to abnormal termination of Envoy process. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. The issue can also be mitigated by locking down OAuth traffic, disabling the filter, or by filtering traffic before it reaches the OAuth filter (e.g. via a lua script). \n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-04T19:48:56.678Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5"
}
],
"source": {
"advisory": "GHSA-j79q-2g66-2xv5",
"discovery": "UNKNOWN"
},
"title": "Envoy may crash when a redirect url without a state param is received in the oauth filter"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-27496",
"datePublished": "2023-04-04T19:48:56.678Z",
"dateReserved": "2023-03-01T19:03:56.635Z",
"dateUpdated": "2025-02-10T21:34:14.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23606 (GCVE-0-2022-23606)
Vulnerability from cvelistv5
Published
2022-02-22 22:20
Modified
2025-04-23 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-674 - Uncontrolled Recursion
Summary
Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS) all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle connections that can lead to stack exhaustion and abnormal process termination when a cluster has a large number of idle connections. This infinite recursion causes Envoy to crash. Users are advised to upgrade.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.20.0, < 1.20.2 Version: >= 1.21.0, < 1.21.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/4b6dd3b53cd5c6d4d4df378a2fc62c1707522b31"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23606",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:10:12.491502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:01:49.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.20.0, \u003c 1.20.2"
},
{
"status": "affected",
"version": "\u003e= 1.21.0, \u003c 1.21.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS) all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle connections that can lead to stack exhaustion and abnormal process termination when a cluster has a large number of idle connections. This infinite recursion causes Envoy to crash. Users are advised to upgrade."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-22T22:20:12.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/4b6dd3b53cd5c6d4d4df378a2fc62c1707522b31"
}
],
"source": {
"advisory": "GHSA-9vp2-4cp7-vvxf",
"discovery": "UNKNOWN"
},
"title": "Crash when a cluster is deleted in Envoy",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-23606",
"STATE": "PUBLIC",
"TITLE": "Crash when a cluster is deleted in Envoy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.20.0, \u003c 1.20.2"
},
{
"version_value": "\u003e= 1.21.0, \u003c 1.21.1"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS) all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle connections that can lead to stack exhaustion and abnormal process termination when a cluster has a large number of idle connections. This infinite recursion causes Envoy to crash. Users are advised to upgrade."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-674: Uncontrolled Recursion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/4b6dd3b53cd5c6d4d4df378a2fc62c1707522b31",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/commit/4b6dd3b53cd5c6d4d4df378a2fc62c1707522b31"
}
]
},
"source": {
"advisory": "GHSA-9vp2-4cp7-vvxf",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23606",
"datePublished": "2022-02-22T22:20:13.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:01:49.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32975 (GCVE-0-2024-32975)
Vulnerability from cvelistv5
Published
2024-06-04 21:00
Modified
2024-08-02 02:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Summary
Envoy is a cloud-native, open source edge and service proxy. There is a crash at `QuicheDataReader::PeekVarInt62Length()`. It is caused by integer underflow in the `QuicStreamSequencerBuffer::PeekRegion()` implementation.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.30.0, <= 11.30.1 Version: >= 1.29.0, <= 1.29.4 Version: >= 1.28.0, <= 1.28.3 Version: <= 1.27.5 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"lessThanOrEqual": "1.27.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.28.3",
"status": "affected",
"version": "1.28.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.29.4",
"status": "affected",
"version": "1.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.30.1",
"status": "affected",
"version": "1.30.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32975",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T15:20:00.503325Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T15:30:20.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:27:53.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-g9mq-6v96-cpqc",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-g9mq-6v96-cpqc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.30.0, \u003c= 11.30.1"
},
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c= 1.29.4"
},
{
"status": "affected",
"version": "\u003e= 1.28.0, \u003c= 1.28.3"
},
{
"status": "affected",
"version": "\u003c= 1.27.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. There is a crash at `QuicheDataReader::PeekVarInt62Length()`. It is caused by integer underflow in the `QuicStreamSequencerBuffer::PeekRegion()` implementation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T21:00:03.208Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-g9mq-6v96-cpqc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-g9mq-6v96-cpqc"
}
],
"source": {
"advisory": "GHSA-g9mq-6v96-cpqc",
"discovery": "UNKNOWN"
},
"title": "Envoy crashes in QuicheDataReader::PeekVarInt62Length()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-32975",
"datePublished": "2024-06-04T21:00:03.208Z",
"dateReserved": "2024-04-22T15:14:59.166Z",
"dateUpdated": "2024-08-02T02:27:53.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29225 (GCVE-0-2022-29225)
Vulnerability from cvelistv5
Published
2022-06-09 19:15
Modified
2025-04-22 17:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 secompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small highly compressed payload. Maliciously constructed zip files may exhaust system memory and cause a denial of service. Users are advised to upgrade. Users unable to upgrade may consider disabling decompression.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: < 1.22.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:54.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-75hv-2jjj-89hh"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/cb4ef0b09200c720dfdb07e097092dd105450343"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29225",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:40:47.984575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T17:54:27.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003c 1.22.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 secompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small highly compressed payload. Maliciously constructed zip files may exhaust system memory and cause a denial of service. Users are advised to upgrade. Users unable to upgrade may consider disabling decompression."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T19:15:14.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-75hv-2jjj-89hh"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/cb4ef0b09200c720dfdb07e097092dd105450343"
}
],
"source": {
"advisory": "GHSA-75hv-2jjj-89hh",
"discovery": "UNKNOWN"
},
"title": "Zip bomb vulnerability in Envoy",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29225",
"STATE": "PUBLIC",
"TITLE": "Zip bomb vulnerability in Envoy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003c 1.22.1"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 secompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small highly compressed payload. Maliciously constructed zip files may exhaust system memory and cause a denial of service. Users are advised to upgrade. Users unable to upgrade may consider disabling decompression."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-75hv-2jjj-89hh",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-75hv-2jjj-89hh"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/cb4ef0b09200c720dfdb07e097092dd105450343",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/commit/cb4ef0b09200c720dfdb07e097092dd105450343"
}
]
},
"source": {
"advisory": "GHSA-75hv-2jjj-89hh",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-29225",
"datePublished": "2022-06-09T19:15:14.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2025-04-22T17:54:27.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45807 (GCVE-0-2024-45807)
Vulnerability from cvelistv5
Published
2024-09-19 23:34
Modified
2024-09-20 17:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-670 - Always-Incorrect Control Flow Implementation
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the `oghttp2` by default. The impact of this issue is that envoy will crash. This issue has been addressed in release version 1.31.2. All users are advised to upgrade. There are no known workarounds for this issue.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.31.0, < 1.31.2 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"lessThan": "1.31.2",
"status": "affected",
"version": "1.31.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:25:59.102708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:26:33.330Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.31.0, \u003c 1.31.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy\u0027s 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the `oghttp2` by default. The impact of this issue is that envoy will crash. This issue has been addressed in release version 1.31.2. All users are advised to upgrade. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670: Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T23:34:28.938Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-qc52-r4x5-9w37",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-qc52-r4x5-9w37"
}
],
"source": {
"advisory": "GHSA-qc52-r4x5-9w37",
"discovery": "UNKNOWN"
},
"title": "oghttp2 crash on OnBeginHeadersForStream in envoy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45807",
"datePublished": "2024-09-19T23:34:28.938Z",
"dateReserved": "2024-09-09T14:23:07.504Z",
"dateUpdated": "2024-09-20T17:26:33.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23327 (GCVE-0-2024-23327)
Vulnerability from cvelistv5
Published
2024-02-09 22:41
Modified
2025-06-09 18:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.29.0, < 1.29.1 Version: >= 1.28.0, < 1.28.1 Version: >= 1.27.0, < 1.27.3 Version: < 1.26.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/63895ea8e3cca9c5d3ab4c5c128ed1369969d54a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/63895ea8e3cca9c5d3ab4c5c128ed1369969d54a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23327",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T18:42:11.830709Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T18:42:27.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c 1.29.1"
},
{
"status": "affected",
"version": "\u003e= 1.28.0, \u003c 1.28.1"
},
{
"status": "affected",
"version": "\u003e= 1.27.0, \u003c 1.27.3"
},
{
"status": "affected",
"version": "\u003c 1.26.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-09T22:41:54.896Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/63895ea8e3cca9c5d3ab4c5c128ed1369969d54a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/63895ea8e3cca9c5d3ab4c5c128ed1369969d54a"
}
],
"source": {
"advisory": "GHSA-4h5x-x9vh-m29j",
"discovery": "UNKNOWN"
},
"title": "Crash in proxy protocol when command type of LOCAL in Envoy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23327",
"datePublished": "2024-02-09T22:41:54.896Z",
"dateReserved": "2024-01-15T15:19:19.441Z",
"dateUpdated": "2025-06-09T18:42:27.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32778 (GCVE-0-2021-32778)
Vulnerability from cvelistv5
Published
2021-08-24 20:30
Modified
2024-08-03 23:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-834 - Excessive Iteration
Summary
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy’s procedure for resetting a HTTP/2 stream has O(N^2) complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are susceptible to Denial of Service when Envoy is configured with high limit on H/2 concurrent streams. An attacker wishing to exploit this vulnerability would require a client opening and closing a large number of H/2 streams. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to reduce time complexity of resetting HTTP/2 streams. As a workaround users may limit the number of simultaneous HTTP/2 dreams for upstream and downstream peers to a low number, i.e. 100.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.19.0, < 1.19.1 Version: >= 1.18.0, < 1.18.4 Version: >= 1.17.0, < 1.17.4 Version: >= 1.16.0, < 1.16.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.19.0, \u003c 1.19.1"
},
{
"status": "affected",
"version": "\u003e= 1.18.0, \u003c 1.18.4"
},
{
"status": "affected",
"version": "\u003e= 1.17.0, \u003c 1.17.4"
},
{
"status": "affected",
"version": "\u003e= 1.16.0, \u003c 1.16.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy\u2019s procedure for resetting a HTTP/2 stream has O(N^2) complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are susceptible to Denial of Service when Envoy is configured with high limit on H/2 concurrent streams. An attacker wishing to exploit this vulnerability would require a client opening and closing a large number of H/2 streams. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to reduce time complexity of resetting HTTP/2 streams. As a workaround users may limit the number of simultaneous HTTP/2 dreams for upstream and downstream peers to a low number, i.e. 100."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-834",
"description": "CWE-834: Excessive Iteration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-24T20:30:11",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc"
}
],
"source": {
"advisory": "GHSA-3xh3-33v5-chcc",
"discovery": "UNKNOWN"
},
"title": "Excessive CPU utilization when closing HTTP/2 streams",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32778",
"STATE": "PUBLIC",
"TITLE": "Excessive CPU utilization when closing HTTP/2 streams"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.19.0, \u003c 1.19.1"
},
{
"version_value": "\u003e= 1.18.0, \u003c 1.18.4"
},
{
"version_value": "\u003e= 1.17.0, \u003c 1.17.4"
},
{
"version_value": "\u003e= 1.16.0, \u003c 1.16.5"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy\u2019s procedure for resetting a HTTP/2 stream has O(N^2) complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are susceptible to Denial of Service when Envoy is configured with high limit on H/2 concurrent streams. An attacker wishing to exploit this vulnerability would require a client opening and closing a large number of H/2 streams. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to reduce time complexity of resetting HTTP/2 streams. As a workaround users may limit the number of simultaneous HTTP/2 dreams for upstream and downstream peers to a low number, i.e. 100."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-834: Excessive Iteration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history",
"refsource": "MISC",
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc"
}
]
},
"source": {
"advisory": "GHSA-3xh3-33v5-chcc",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32778",
"datePublished": "2021-08-24T20:30:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:55.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21656 (GCVE-0-2022-21656)
Vulnerability from cvelistv5
Published
2022-02-22 22:25
Modified
2025-04-23 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation
Summary
Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Name or uniformResourceIndicator to be authenticated as a domain name. This confusion allows for the bypassing of nameConstraints, as processed by the underlying OpenSSL/BoringSSL implementation, exposing the possibility of impersonation of arbitrary servers. As a result Envoy will trust upstream certificates that should not be trusted.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: < 1.20.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:39.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-c9g7-xwcv-pjx2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/bb95af848c939cfe5b5ee33c5b1770558077e64e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:55:47.477332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:01:38.563Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003c 1.20.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a \"type confusion\" bug when processing subjectAltNames. This processing allows, for example, an rfc822Name or uniformResourceIndicator to be authenticated as a domain name. This confusion allows for the bypassing of nameConstraints, as processed by the underlying OpenSSL/BoringSSL implementation, exposing the possibility of impersonation of arbitrary servers. As a result Envoy will trust upstream certificates that should not be trusted."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-22T22:25:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-c9g7-xwcv-pjx2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/bb95af848c939cfe5b5ee33c5b1770558077e64e"
}
],
"source": {
"advisory": "GHSA-c9g7-xwcv-pjx2",
"discovery": "UNKNOWN"
},
"title": "X.509 subjectAltName matching bypass in Envoy",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21656",
"STATE": "PUBLIC",
"TITLE": "X.509 subjectAltName matching bypass in Envoy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003c 1.20.2"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a \"type confusion\" bug when processing subjectAltNames. This processing allows, for example, an rfc822Name or uniformResourceIndicator to be authenticated as a domain name. This confusion allows for the bypassing of nameConstraints, as processed by the underlying OpenSSL/BoringSSL implementation, exposing the possibility of impersonation of arbitrary servers. As a result Envoy will trust upstream certificates that should not be trusted."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-c9g7-xwcv-pjx2",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-c9g7-xwcv-pjx2"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/bb95af848c939cfe5b5ee33c5b1770558077e64e",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/commit/bb95af848c939cfe5b5ee33c5b1770558077e64e"
}
]
},
"source": {
"advisory": "GHSA-c9g7-xwcv-pjx2",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-21656",
"datePublished": "2022-02-22T22:25:11.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:01:38.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27491 (GCVE-0-2023-27491)
Vulnerability from cvelistv5
Published
2023-04-04 18:18
Modified
2025-02-11 16:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed requests, potentially leading to a bypass of security policies. This issue is fixed in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.25.0, < 1.25.3 Version: >= 1.24.0, < 1.24.4 Version: >= 1.23.0, < 1.23.6 Version: < 1.22.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp"
},
{
"name": "https://datatracker.ietf.org/doc/html/rfc9113#section-8.3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/html/rfc9113#section-8.3"
},
{
"name": "https://datatracker.ietf.org/doc/html/rfc9114#section-4.3.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/html/rfc9114#section-4.3.1"
},
{
"name": "https://www.rfc-editor.org/rfc/rfc9110#section-5.6.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rfc-editor.org/rfc/rfc9110#section-5.6.2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27491",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T16:14:39.480822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T16:14:43.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.25.0, \u003c 1.25.3"
},
{
"status": "affected",
"version": "\u003e= 1.24.0, \u003c 1.24.4"
},
{
"status": "affected",
"version": "\u003e= 1.23.0, \u003c 1.23.6"
},
{
"status": "affected",
"version": "\u003c 1.22.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed requests, potentially leading to a bypass of security policies. This issue is fixed in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-04T18:18:23.433Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp"
},
{
"name": "https://datatracker.ietf.org/doc/html/rfc9113#section-8.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://datatracker.ietf.org/doc/html/rfc9113#section-8.3"
},
{
"name": "https://datatracker.ietf.org/doc/html/rfc9114#section-4.3.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://datatracker.ietf.org/doc/html/rfc9114#section-4.3.1"
},
{
"name": "https://www.rfc-editor.org/rfc/rfc9110#section-5.6.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rfc-editor.org/rfc/rfc9110#section-5.6.2"
}
],
"source": {
"advisory": "GHSA-5jmv-cw9p-f9rp",
"discovery": "UNKNOWN"
},
"title": "Envoy forwards invalid Http2/Http3 downstream headers"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-27491",
"datePublished": "2023-04-04T18:18:23.433Z",
"dateReserved": "2023-03-01T19:03:56.634Z",
"dateUpdated": "2025-02-11T16:14:43.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29492 (GCVE-0-2021-29492)
Vulnerability from cvelistv5
Published
2021-05-28 21:00
Modified
2024-08-03 22:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. `/something%2F..%2Fadmin`, to bypass access control, e.g. a block on `/admin`. A backend server could then decode slash sequences and normalize path and provide an attacker access beyond the scope provided for by the access control policy. ### Impact Escalation of Privileges when using RBAC or JWT filters with enforcement based on URL path. Users with back end servers that interpret `%2F` and `/` and `%5C` and `\` interchangeably are impacted. ### Attack Vector URL paths containing escaped slash characters delivered by untrusted client. Patches in versions 1.18.3, 1.17.3, 1.16.4, 1.15.5 contain new path normalization option to decode escaped slash characters. As a workaround, if back end servers treat `%2F` and `/` and `%5C` and `\` interchangeably and a URL path based access control is configured, one may reconfigure the back end server to not treat `%2F` and `/` and `%5C` and `\` interchangeably.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: <= 1.18.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:05.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4987-27fx-x6cf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.18.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. `/something%2F..%2Fadmin`, to bypass access control, e.g. a block on `/admin`. A backend server could then decode slash sequences and normalize path and provide an attacker access beyond the scope provided for by the access control policy. ### Impact Escalation of Privileges when using RBAC or JWT filters with enforcement based on URL path. Users with back end servers that interpret `%2F` and `/` and `%5C` and `\\` interchangeably are impacted. ### Attack Vector URL paths containing escaped slash characters delivered by untrusted client. Patches in versions 1.18.3, 1.17.3, 1.16.4, 1.15.5 contain new path normalization option to decode escaped slash characters. As a workaround, if back end servers treat `%2F` and `/` and `%5C` and `\\` interchangeably and a URL path based access control is configured, one may reconfigure the back end server to not treat `%2F` and `/` and `%5C` and `\\` interchangeably."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-07T11:25:20",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4987-27fx-x6cf"
}
],
"source": {
"advisory": "GHSA-4987-27fx-x6cf",
"discovery": "UNKNOWN"
},
"title": "Bypass of path matching rules using escaped slash characters",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29492",
"STATE": "PUBLIC",
"TITLE": "Bypass of path matching rules using escaped slash characters"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003c= 1.18.2"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. `/something%2F..%2Fadmin`, to bypass access control, e.g. a block on `/admin`. A backend server could then decode slash sequences and normalize path and provide an attacker access beyond the scope provided for by the access control policy. ### Impact Escalation of Privileges when using RBAC or JWT filters with enforcement based on URL path. Users with back end servers that interpret `%2F` and `/` and `%5C` and `\\` interchangeably are impacted. ### Attack Vector URL paths containing escaped slash characters delivered by untrusted client. Patches in versions 1.18.3, 1.17.3, 1.16.4, 1.15.5 contain new path normalization option to decode escaped slash characters. As a workaround, if back end servers treat `%2F` and `/` and `%5C` and `\\` interchangeably and a URL path based access control is configured, one may reconfigure the back end server to not treat `%2F` and `/` and `%5C` and `\\` interchangeably."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4987-27fx-x6cf",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4987-27fx-x6cf"
}
]
},
"source": {
"advisory": "GHSA-4987-27fx-x6cf",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29492",
"datePublished": "2021-05-28T21:00:24",
"dateReserved": "2021-03-30T00:00:00",
"dateUpdated": "2024-08-03T22:11:05.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21378 (GCVE-0-2021-21378)
Vulnerability from cvelistv5
Published
2021-03-11 02:40
Modified
2024-08-03 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy's JWT Authentication filter is configured with the `allow_missing` requirement under `requires_any` due to a mistake in implementation. Envoy's JWT Authentication filter can be configured with the `allow_missing` requirement that will be satisfied if JWT is missing (JwtMissed error) and fail if JWT is presented or invalid. Due to a mistake in implementation, a JwtUnknownIssuer error was mistakenly converted to JwtMissed when `requires_any` was configured. So if `allow_missing` was configured under `requires_any`, an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list. Integrity may be impacted depending on configuration if the JWT token is used to protect against writes or modifications. This regression was introduced on 2020/11/12 in PR 13839 which fixed handling `allow_missing` under RequiresAny in a JwtRequirement (see issue 13458). The AnyVerifier aggregates the children verifiers' results into a final status where JwtMissing is the default error. However, a JwtUnknownIssuer was mistakenly treated the same as a JwtMissing error and the resulting final aggregation was the default JwtMissing. As a result, `allow_missing` would allow a JWT token with an unknown issuer status. This is fixed in version 1.17.1 by PR 15194. The fix works by preferring JwtUnknownIssuer over a JwtMissing error, fixing the accidental conversion and bypass with `allow_missing`. A user could detect whether a bypass occurred if they have Envoy logs enabled with debug verbosity. Users can enable component level debug logs for JWT. The JWT filter logs will indicate that there is a request with a JWT token and a failure that the JWT token is missing.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: = 1.17.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:16.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4996-m8hf-hj27"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/pull/15194"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/ea39e3cba652bcc4b11bb0d5c62b017e584d2e5a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "= 1.17.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy\u0027s JWT Authentication filter is configured with the `allow_missing` requirement under `requires_any` due to a mistake in implementation. Envoy\u0027s JWT Authentication filter can be configured with the `allow_missing` requirement that will be satisfied if JWT is missing (JwtMissed error) and fail if JWT is presented or invalid. Due to a mistake in implementation, a JwtUnknownIssuer error was mistakenly converted to JwtMissed when `requires_any` was configured. So if `allow_missing` was configured under `requires_any`, an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list. Integrity may be impacted depending on configuration if the JWT token is used to protect against writes or modifications. This regression was introduced on 2020/11/12 in PR 13839 which fixed handling `allow_missing` under RequiresAny in a JwtRequirement (see issue 13458). The AnyVerifier aggregates the children verifiers\u0027 results into a final status where JwtMissing is the default error. However, a JwtUnknownIssuer was mistakenly treated the same as a JwtMissing error and the resulting final aggregation was the default JwtMissing. As a result, `allow_missing` would allow a JWT token with an unknown issuer status. This is fixed in version 1.17.1 by PR 15194. The fix works by preferring JwtUnknownIssuer over a JwtMissing error, fixing the accidental conversion and bypass with `allow_missing`. A user could detect whether a bypass occurred if they have Envoy logs enabled with debug verbosity. Users can enable component level debug logs for JWT. The JWT filter logs will indicate that there is a request with a JWT token and a failure that the JWT token is missing."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-11T02:40:14",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4996-m8hf-hj27"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/pull/15194"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/ea39e3cba652bcc4b11bb0d5c62b017e584d2e5a"
}
],
"source": {
"advisory": "GHSA-4996-m8hf-hj27",
"discovery": "UNKNOWN"
},
"title": "JWT authentication bypass with unknown issuer token",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21378",
"STATE": "PUBLIC",
"TITLE": "JWT authentication bypass with unknown issuer token"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "= 1.17.0"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy\u0027s JWT Authentication filter is configured with the `allow_missing` requirement under `requires_any` due to a mistake in implementation. Envoy\u0027s JWT Authentication filter can be configured with the `allow_missing` requirement that will be satisfied if JWT is missing (JwtMissed error) and fail if JWT is presented or invalid. Due to a mistake in implementation, a JwtUnknownIssuer error was mistakenly converted to JwtMissed when `requires_any` was configured. So if `allow_missing` was configured under `requires_any`, an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list. Integrity may be impacted depending on configuration if the JWT token is used to protect against writes or modifications. This regression was introduced on 2020/11/12 in PR 13839 which fixed handling `allow_missing` under RequiresAny in a JwtRequirement (see issue 13458). The AnyVerifier aggregates the children verifiers\u0027 results into a final status where JwtMissing is the default error. However, a JwtUnknownIssuer was mistakenly treated the same as a JwtMissing error and the resulting final aggregation was the default JwtMissing. As a result, `allow_missing` would allow a JWT token with an unknown issuer status. This is fixed in version 1.17.1 by PR 15194. The fix works by preferring JwtUnknownIssuer over a JwtMissing error, fixing the accidental conversion and bypass with `allow_missing`. A user could detect whether a bypass occurred if they have Envoy logs enabled with debug verbosity. Users can enable component level debug logs for JWT. The JWT filter logs will indicate that there is a request with a JWT token and a failure that the JWT token is missing."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-303: Incorrect Implementation of Authentication Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4996-m8hf-hj27",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4996-m8hf-hj27"
},
{
"name": "https://github.com/envoyproxy/envoy/pull/15194",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/pull/15194"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/ea39e3cba652bcc4b11bb0d5c62b017e584d2e5a",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/commit/ea39e3cba652bcc4b11bb0d5c62b017e584d2e5a"
}
]
},
"source": {
"advisory": "GHSA-4996-m8hf-hj27",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21378",
"datePublished": "2021-03-11T02:40:14",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:16.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39305 (GCVE-0-2024-39305)
Vulnerability from cvelistv5
Published
2024-07-01 21:10
Modified
2024-08-02 04:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
Envoy is a cloud-native, open source edge and service proxy. Prior to versions 1.30.4, 1.29.7, 1.28.5, and 1.27.7. Envoy references already freed memory when route hash policy is configured with cookie attributes. Note that this vulnerability has been fixed in the open as the effect would be immediately apparent if it was configured. Memory allocated for holding attribute values is freed after configuration was parsed. During request processing Envoy will attempt to copy content of de-allocated memory into request cookie header. This can lead to arbitrary content of Envoy's memory to be sent to the upstream service or abnormal process termination. This vulnerability is fixed in Envoy versions v1.30.4, v1.29.7, v1.28.5, and v1.27.7. As a workaround, do not use cookie attributes in route action hash policy.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.30.0, < 1.30.4 Version: >= 1.29.0, < 1.29.7 Version: >= 1.28.0, < 1.28.5 Version: < 1.27.7 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:1.28.0:*:*:*:*:*:*:*",
"cpe:2.3:a:envoyproxy:envoy:1.29.0:*:*:*:*:*:*:*",
"cpe:2.3:a:envoyproxy:envoy:1.30.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"lessThan": "1.28.5",
"status": "affected",
"version": "1.28.0",
"versionType": "custom"
},
{
"lessThan": "1.29.7",
"status": "affected",
"version": "1.29.0",
"versionType": "custom"
},
{
"lessThan": "1.30.4",
"status": "affected",
"version": "1.30.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"lessThan": "1.27.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39305",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T20:29:30.709681Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T20:34:09.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-fp35-g349-h66f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-fp35-g349-h66f"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/02a06681fbe0e039b1c7a9215257a7537eddb518",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/02a06681fbe0e039b1c7a9215257a7537eddb518"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/50b384cb203a1f2894324cbae64b6d9bc44cce45",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/50b384cb203a1f2894324cbae64b6d9bc44cce45"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/99b6e525fb9f6f6f19a0425f779bc776f121c7e5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/99b6e525fb9f6f6f19a0425f779bc776f121c7e5"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/b7f509607ad860fd6a63cde4f7d6f0197f9f63bb",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/b7f509607ad860fd6a63cde4f7d6f0197f9f63bb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.30.0, \u003c 1.30.4"
},
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c 1.29.7"
},
{
"status": "affected",
"version": "\u003e= 1.28.0, \u003c 1.28.5"
},
{
"status": "affected",
"version": "\u003c 1.27.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. Prior to versions 1.30.4, 1.29.7, 1.28.5, and 1.27.7. Envoy references already freed memory when route hash policy is configured with cookie attributes. Note that this vulnerability has been fixed in the open as the effect would be immediately apparent if it was configured. Memory allocated for holding attribute values is freed after configuration was parsed. During request processing Envoy will attempt to copy content of de-allocated memory into request cookie header. This can lead to arbitrary content of Envoy\u0027s memory to be sent to the upstream service or abnormal process termination. This vulnerability is fixed in Envoy versions v1.30.4, v1.29.7, v1.28.5, and v1.27.7. As a workaround, do not use cookie attributes in route action hash policy."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T21:10:23.566Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-fp35-g349-h66f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-fp35-g349-h66f"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/02a06681fbe0e039b1c7a9215257a7537eddb518",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/02a06681fbe0e039b1c7a9215257a7537eddb518"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/50b384cb203a1f2894324cbae64b6d9bc44cce45",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/50b384cb203a1f2894324cbae64b6d9bc44cce45"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/99b6e525fb9f6f6f19a0425f779bc776f121c7e5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/99b6e525fb9f6f6f19a0425f779bc776f121c7e5"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/b7f509607ad860fd6a63cde4f7d6f0197f9f63bb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/b7f509607ad860fd6a63cde4f7d6f0197f9f63bb"
}
],
"source": {
"advisory": "GHSA-fp35-g349-h66f",
"discovery": "UNKNOWN"
},
"title": "Envoy Proxy use after free when route hash policy is configured with cookie attributes"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39305",
"datePublished": "2024-07-01T21:10:23.566Z",
"dateReserved": "2024-06-21T18:15:22.259Z",
"dateUpdated": "2024-08-02T04:19:20.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12605 (GCVE-0-2020-12605)
Vulnerability from cvelistv5
Published
2020-07-01 14:33
Modified
2024-08-04 12:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:21.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy-setec/issues/137"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-fjxc-jj43-f777"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-01T14:33:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy-setec/issues/137"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-fjxc-jj43-f777"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy-setec/issues/137",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy-setec/issues/137"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-fjxc-jj43-f777",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-fjxc-jj43-f777"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12605",
"datePublished": "2020-07-01T14:33:47",
"dateReserved": "2020-05-01T00:00:00",
"dateUpdated": "2024-08-04T12:04:21.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18836 (GCVE-0-2019-18836)
Vulnerability from cvelistv5
Published
2019-11-11 00:17
Modified
2024-08-05 02:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used."
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21forum/envoy-users"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.envoyproxy.io"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xvf-4396-cj46"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/istio/istio/issues/18229"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-12T18:53:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/forum/#%21forum/envoy-users"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.envoyproxy.io"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xvf-4396-cj46"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/istio/istio/issues/18229"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!forum/envoy-users",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!forum/envoy-users"
},
{
"name": "https://blog.envoyproxy.io",
"refsource": "MISC",
"url": "https://blog.envoyproxy.io"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xvf-4396-cj46",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xvf-4396-cj46"
},
{
"name": "https://github.com/istio/istio/issues/18229",
"refsource": "MISC",
"url": "https://github.com/istio/istio/issues/18229"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18836",
"datePublished": "2019-11-11T00:17:35",
"dateReserved": "2019-11-07T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27488 (GCVE-0-2023-27488)
Vulnerability from cvelistv5
Published
2023-04-04 17:57
Modified
2025-02-11 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when `failure_mode_allow: true` is configured for `ext_authz` filter. For affected components that are used for logging and/or visibility, requests may not be logged by the receiving service.
When Envoy was configured to use ext_authz, ext_proc, tap, ratelimit filters, and grpc access log service and an http header with non-UTF-8 data was received, Envoy would generate an invalid protobuf message and send it to the configured service. The receiving service would typically generate an error when decoding the protobuf message. For ext_authz that was configured with ``failure_mode_allow: true``, the request would have been allowed in this case. For the other services, this could have resulted in other unforeseen errors such as a lack of visibility into requests.
As of versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy by default sanitizes the values sent in gRPC service calls to be valid UTF-8, replacing data that is not valid UTF-8 with a `!` character. This behavioral change can be temporarily reverted by setting runtime guard `envoy.reloadable_features.service_sanitize_non_utf8_strings` to false. As a workaround, one may set `failure_mode_allow: false` for `ext_authz`.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.25.0, <1.25.3 Version: >= 1.24.0, < 1.24.4 Version: >= 1.23.0, < 1.23.6 Version: < 1.22.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9g5w-hqr3-w2ph",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9g5w-hqr3-w2ph"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27488",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T17:03:21.379361Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T17:03:30.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.25.0, \u003c1.25.3"
},
{
"status": "affected",
"version": "\u003e= 1.24.0, \u003c 1.24.4"
},
{
"status": "affected",
"version": "\u003e= 1.23.0, \u003c 1.23.6"
},
{
"status": "affected",
"version": "\u003c 1.22.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when `failure_mode_allow: true` is configured for `ext_authz` filter. For affected components that are used for logging and/or visibility, requests may not be logged by the receiving service.\n\nWhen Envoy was configured to use ext_authz, ext_proc, tap, ratelimit filters, and grpc access log service and an http header with non-UTF-8 data was received, Envoy would generate an invalid protobuf message and send it to the configured service. The receiving service would typically generate an error when decoding the protobuf message. For ext_authz that was configured with ``failure_mode_allow: true``, the request would have been allowed in this case. For the other services, this could have resulted in other unforeseen errors such as a lack of visibility into requests. \n\nAs of versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy by default sanitizes the values sent in gRPC service calls to be valid UTF-8, replacing data that is not valid UTF-8 with a `!` character. This behavioral change can be temporarily reverted by setting runtime guard `envoy.reloadable_features.service_sanitize_non_utf8_strings` to false. As a workaround, one may set `failure_mode_allow: false` for `ext_authz`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-04T17:57:17.379Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9g5w-hqr3-w2ph",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9g5w-hqr3-w2ph"
}
],
"source": {
"advisory": "GHSA-9g5w-hqr3-w2ph",
"discovery": "UNKNOWN"
},
"title": "Envoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received."
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-27488",
"datePublished": "2023-04-04T17:57:17.379Z",
"dateReserved": "2023-03-01T19:03:56.634Z",
"dateUpdated": "2025-02-11T17:03:30.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43824 (GCVE-0-2021-43824)
Vulnerability from cvelistv5
Published
2022-02-22 22:15
Modified
2025-04-23 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CONNECT request is sent to JWT filter configured with regex match. This provides a denial of service attack vector. The only workaround is to not use regex in the JWT filter. Users are advised to upgrade.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.20.0, < 1.20.2 Version: >= 1.19.0, < 1.19.3 Version: < 1.18.6 Version: >= 1.21.0, < 1.21.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:09.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/9371333230b1a6e1be2eccf4868771e11af6253a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-43824",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:57:27.390383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:01:55.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.20.0, \u003c 1.20.2"
},
{
"status": "affected",
"version": "\u003e= 1.19.0, \u003c 1.19.3"
},
{
"status": "affected",
"version": "\u003c 1.18.6"
},
{
"status": "affected",
"version": "\u003e= 1.21.0, \u003c 1.21.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CONNECT request is sent to JWT filter configured with regex match. This provides a denial of service attack vector. The only workaround is to not use regex in the JWT filter. Users are advised to upgrade."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-22T22:15:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/9371333230b1a6e1be2eccf4868771e11af6253a"
}
],
"source": {
"advisory": "GHSA-vj5m-rch8-5r2p",
"discovery": "UNKNOWN"
},
"title": "Null pointer dereference in envoy",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43824",
"STATE": "PUBLIC",
"TITLE": "Null pointer dereference in envoy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.20.0, \u003c 1.20.2"
},
{
"version_value": "\u003e= 1.19.0, \u003c 1.19.3"
},
{
"version_value": "\u003c 1.18.6"
},
{
"version_value": "\u003e= 1.21.0, \u003c 1.21.1"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CONNECT request is sent to JWT filter configured with regex match. This provides a denial of service attack vector. The only workaround is to not use regex in the JWT filter. Users are advised to upgrade."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/9371333230b1a6e1be2eccf4868771e11af6253a",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/commit/9371333230b1a6e1be2eccf4868771e11af6253a"
}
]
},
"source": {
"advisory": "GHSA-vj5m-rch8-5r2p",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43824",
"datePublished": "2022-02-22T22:15:10.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:01:55.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8663 (GCVE-0-2020-8663)
Vulnerability from cvelistv5
Published
2020-07-01 14:19
Modified
2024-08-04 10:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-v8q7-fq78-4997"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-01T14:19:26",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-v8q7-fq78-4997"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history",
"refsource": "MISC",
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-v8q7-fq78-4997",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-v8q7-fq78-4997"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8663",
"datePublished": "2020-07-01T14:19:26",
"dateReserved": "2020-02-06T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27487 (GCVE-0-2023-27487)
Vulnerability from cvelistv5
Published
2023-04-04 15:42
Modified
2025-02-11 16:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header `x-envoy-original-path` should be an internal header, but Envoy does not remove this header from the request at the beginning of request processing when it is sent from an untrusted client. The faked header would then be used for trace logs and grpc logs, as well as used in the URL used for `jwt_authn` checks if the `jwt_authn` filter is used, and any other upstream use of the x-envoy-original-path header. Attackers may forge a trusted `x-envoy-original-path` header. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 have patches for this issue.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.25.0, <1.25.3 Version: >= 1.24.0, < 1.24.4 Version: >= 1.23.0, < 1.23.6 Version: < 1.22.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5375-pq35-hf2g",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5375-pq35-hf2g"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27487",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T16:17:17.383620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T16:17:22.229Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.25.0, \u003c1.25.3"
},
{
"status": "affected",
"version": "\u003e= 1.24.0, \u003c 1.24.4"
},
{
"status": "affected",
"version": "\u003e= 1.23.0, \u003c 1.23.6"
},
{
"status": "affected",
"version": "\u003c 1.22.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header `x-envoy-original-path` should be an internal header, but Envoy does not remove this header from the request at the beginning of request processing when it is sent from an untrusted client. The faked header would then be used for trace logs and grpc logs, as well as used in the URL used for `jwt_authn` checks if the `jwt_authn` filter is used, and any other upstream use of the x-envoy-original-path header. Attackers may forge a trusted `x-envoy-original-path` header. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 have patches for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-04T15:42:34.330Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5375-pq35-hf2g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5375-pq35-hf2g"
}
],
"source": {
"advisory": "GHSA-5375-pq35-hf2g",
"discovery": "UNKNOWN"
},
"title": "Envoy client may fake the header `x-envoy-original-path`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-27487",
"datePublished": "2023-04-04T15:42:34.330Z",
"dateReserved": "2023-03-01T19:03:56.634Z",
"dateUpdated": "2025-02-11T16:17:22.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32475 (GCVE-0-2024-32475)
Vulnerability from cvelistv5
Published
2024-04-18 14:18
Modified
2024-08-02 02:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.30.0, < 11.30.1 Version: >= 1.29.0, < 1.29.4 Version: >= 1.28.0, < 1.28.3 Version: >= 1.13.0, < 1.27.5 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"lessThan": "1.27.5",
"status": "affected",
"version": "1.13.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T19:38:07.050413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:51:20.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:13:39.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.30.0, \u003c 11.30.1"
},
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c 1.29.4"
},
{
"status": "affected",
"version": "\u003e= 1.28.0, \u003c 1.28.3"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.27.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-253",
"description": "CWE-253: Incorrect Check of Function Return Value",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617: Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-18T14:18:18.947Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382"
}
],
"source": {
"advisory": "GHSA-3mh5-6q8v-25wj",
"discovery": "UNKNOWN"
},
"title": "Envoy RELEASE_ASSERT using auto_sni with :authority header \u003e 255 bytes"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-32475",
"datePublished": "2024-04-18T14:18:18.947Z",
"dateReserved": "2024-04-12T19:41:51.167Z",
"dateUpdated": "2024-08-02T02:13:39.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25017 (GCVE-0-2020-25017)
Vulnerability from cvelistv5
Published
2020-10-01 16:39
Modified
2024-08-04 15:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy() header map API does not replace all existing occurences of a non-inline header.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21forum/envoy-security-announce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy\u2019s setCopy() header map API does not replace all existing occurences of a non-inline header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-01T16:39:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/forum/#%21forum/envoy-security-announce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy\u2019s setCopy() header map API does not replace all existing occurences of a non-inline header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!forum/envoy-security-announce",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!forum/envoy-security-announce"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25017",
"datePublished": "2020-10-01T16:39:40",
"dateReserved": "2020-08-29T00:00:00",
"dateUpdated": "2024-08-04T15:26:09.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39204 (GCVE-0-2021-39204)
Vulnerability from cvelistv5
Published
2021-09-09 22:10
Modified
2024-08-04 01:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-834 - Excessive Iteration
Summary
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions 0.14.8 and 0.15.1 contain an upgraded envoy binary with this vulnerability patched.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:18.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-5wjf-62hw-q78r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pomerium",
"vendor": "pomerium",
"versions": [
{
"status": "affected",
"version": "\u003c 0.14.8"
},
{
"status": "affected",
"version": "\u003e= 0.15.0, \u003c 0.15.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions 0.14.8 and 0.15.1 contain an upgraded envoy binary with this vulnerability patched."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-834",
"description": "CWE-834: Excessive Iteration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-09T22:10:09",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-5wjf-62hw-q78r"
}
],
"source": {
"advisory": "GHSA-5wjf-62hw-q78r",
"discovery": "UNKNOWN"
},
"title": "Excessive CPU usage in Pomerium",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-39204",
"STATE": "PUBLIC",
"TITLE": "Excessive CPU usage in Pomerium"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pomerium",
"version": {
"version_data": [
{
"version_value": "\u003c 0.14.8"
},
{
"version_value": "\u003e= 0.15.0, \u003c 0.15.1"
}
]
}
}
]
},
"vendor_name": "pomerium"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions 0.14.8 and 0.15.1 contain an upgraded envoy binary with this vulnerability patched."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-834: Excessive Iteration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ",
"refsource": "MISC",
"url": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ"
},
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc"
},
{
"name": "https://github.com/pomerium/pomerium/security/advisories/GHSA-5wjf-62hw-q78r",
"refsource": "CONFIRM",
"url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-5wjf-62hw-q78r"
}
]
},
"source": {
"advisory": "GHSA-5wjf-62hw-q78r",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-39204",
"datePublished": "2021-09-09T22:10:09",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-08-04T01:58:18.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53271 (GCVE-0-2024-53271)
Vulnerability from cvelistv5
Published
2024-12-18 19:12
Modified
2024-12-18 21:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-670 - Always-Incorrect Control Flow Implementation
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to upgrade. There are no known workarounds for this issue.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.31.0, < 1.31.5 Version: >= 1.32.0, < 1.32.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53271",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-18T21:32:16.518571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T21:34:22.425Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-rmm5-h2wv-mg4f"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.31.0, \u003c 1.31.5"
},
{
"status": "affected",
"version": "\u003e= 1.32.0, \u003c 1.32.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to upgrade. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670: Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T19:12:20.612Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-rmm5-h2wv-mg4f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-rmm5-h2wv-mg4f"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/da56f6da63079baecef9183436ee5f4141a59af8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/da56f6da63079baecef9183436ee5f4141a59af8"
}
],
"source": {
"advisory": "GHSA-rmm5-h2wv-mg4f",
"discovery": "UNKNOWN"
},
"title": "HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset in envoy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-53271",
"datePublished": "2024-12-18T19:12:20.612Z",
"dateReserved": "2024-11-19T20:08:14.482Z",
"dateUpdated": "2024-12-18T21:34:22.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35471 (GCVE-0-2020-35471)
Vulnerability from cvelistv5
Published
2020-12-15 00:48
Modified
2024-08-04 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:07.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/issues/14113"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/pull/14122"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-15T00:48:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/issues/14113"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/pull/14122"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1"
},
{
"name": "https://github.com/envoyproxy/envoy/issues/14113",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/issues/14113"
},
{
"name": "https://github.com/envoyproxy/envoy/pull/14122",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/pull/14122"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35471",
"datePublished": "2020-12-15T00:48:24",
"dateReserved": "2020-12-15T00:00:00",
"dateUpdated": "2024-08-04T17:02:07.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45809 (GCVE-0-2024-45809)
Vulnerability from cvelistv5
Published
2024-09-19 23:34
Modified
2024-09-20 17:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clear_route_cache is enabled on the provider; 3. header operations are enabled in JWT filter, e.g. header to claims feature; 4. the routing table is configured in a way that the JWT header operations modify requests to not match any route. When these conditions are met, a crash is triggered in the upstream code due to nullptr reference conversion from route(). The root cause is the ordering of continueDecoding and clearRouteCache. This issue has been addressed in versions 1.31.2, 1.30.6, and 1.29.9. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.29.0, < 1.29.9 Version: >= 1.30.0, < 1.30.6 Version: >= 1.31.0, < 1.31.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:23:06.138498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:23:17.537Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c 1.29.9"
},
{
"status": "affected",
"version": "\u003e= 1.30.0, \u003c 1.30.6"
},
{
"status": "affected",
"version": "\u003e= 1.31.0, \u003c 1.31.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clear_route_cache is enabled on the provider; 3. header operations are enabled in JWT filter, e.g. header to claims feature; 4. the routing table is configured in a way that the JWT header operations modify requests to not match any route. When these conditions are met, a crash is triggered in the upstream code due to nullptr reference conversion from route(). The root cause is the ordering of continueDecoding and clearRouteCache. This issue has been addressed in versions 1.31.2, 1.30.6, and 1.29.9. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T23:34:24.151Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-wqr5-qmq7-3qw3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-wqr5-qmq7-3qw3"
}
],
"source": {
"advisory": "GHSA-wqr5-qmq7-3qw3",
"discovery": "UNKNOWN"
},
"title": "Jwt filter crash in the clear route cache with remote JWKs in envoy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45809",
"datePublished": "2024-09-19T23:34:24.151Z",
"dateReserved": "2024-09-09T14:23:07.505Z",
"dateUpdated": "2024-09-20T17:23:17.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23324 (GCVE-0-2024-23324)
Vulnerability from cvelistv5
Published
2024-02-09 22:48
Modified
2024-08-19 16:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.29.0, < 1.29.1 Version: >= 1.28.0, < 1.28.1 Version: >= 1.27.0, < 1.27.3 Version: < 1.26.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/29989f6cc8bfd8cd2ffcb7c42711eb02c7a5168a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/29989f6cc8bfd8cd2ffcb7c42711eb02c7a5168a"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"lessThan": "1.29.1",
"status": "affected",
"version": "1.29.0",
"versionType": "custom"
},
{
"lessThan": "1.28.1",
"status": "affected",
"version": "1.28.0",
"versionType": "custom"
},
{
"lessThan": "1.27.3",
"status": "affected",
"version": "1.27.0",
"versionType": "custom"
},
{
"lessThan": "1.26.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T16:10:39.029109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T16:12:49.967Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c 1.29.1"
},
{
"status": "affected",
"version": "\u003e= 1.28.0, \u003c 1.28.1"
},
{
"status": "affected",
"version": "\u003e= 1.27.0, \u003c 1.27.3"
},
{
"status": "affected",
"version": "\u003c 1.26.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-09T22:48:26.889Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/29989f6cc8bfd8cd2ffcb7c42711eb02c7a5168a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/29989f6cc8bfd8cd2ffcb7c42711eb02c7a5168a"
}
],
"source": {
"advisory": "GHSA-gq3v-vvhj-96j6",
"discovery": "UNKNOWN"
},
"title": "Envoy ext auth can be bypassed when Proxy protocol filter sets invalid UTF-8 metadata"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23324",
"datePublished": "2024-02-09T22:48:26.889Z",
"dateReserved": "2024-01-15T15:19:19.439Z",
"dateUpdated": "2024-08-19T16:12:49.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21654 (GCVE-0-2022-21654)
Vulnerability from cvelistv5
Published
2022-02-22 22:35
Modified
2025-04-23 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation
Summary
Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's tls allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default tls settings are used. Users are advised to upgrade.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.7.0, < 1.18.6 Version: >= 1.19.0, < 1.19.3 Version: >= 1.20.0, < 1.20.2 Version: >= 1.21.0, < 1.21.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:39.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/e9f936d85dc1edc34fabd0a1725ec180f2316353"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:55:41.314206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:01:27.096Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.7.0, \u003c 1.18.6"
},
{
"status": "affected",
"version": "\u003e= 1.19.0, \u003c 1.19.3"
},
{
"status": "affected",
"version": "\u003e= 1.20.0, \u003c 1.20.2"
},
{
"status": "affected",
"version": "\u003e= 1.21.0, \u003c 1.21.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy\u0027s tls allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default tls settings are used. Users are advised to upgrade."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-22T22:35:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/e9f936d85dc1edc34fabd0a1725ec180f2316353"
}
],
"source": {
"advisory": "GHSA-5j4x-g36v-m283",
"discovery": "UNKNOWN"
},
"title": "Incorrect configuration handling allows TLS session re-use without re-validation in Envoy",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21654",
"STATE": "PUBLIC",
"TITLE": "Incorrect configuration handling allows TLS session re-use without re-validation in Envoy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.7.0, \u003c 1.18.6"
},
{
"version_value": "\u003e= 1.19.0, \u003c 1.19.3"
},
{
"version_value": "\u003e= 1.20.0, \u003c 1.20.2"
},
{
"version_value": "\u003e= 1.21.0, \u003c 1.21.1"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy\u0027s tls allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default tls settings are used. Users are advised to upgrade."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/e9f936d85dc1edc34fabd0a1725ec180f2316353",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/commit/e9f936d85dc1edc34fabd0a1725ec180f2316353"
}
]
},
"source": {
"advisory": "GHSA-5j4x-g36v-m283",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-21654",
"datePublished": "2022-02-22T22:35:11.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:01:27.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45810 (GCVE-0-2024-45810)
Vulnerability from cvelistv5
Published
2024-09-19 23:34
Modified
2024-09-20 17:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during the `sendLocalReply()` in http async client, one reason is http async client is duplicating the status code, another one is the destroy of router is called at the destructor of the async stream, while the stream is deferred deleted at first. There will be problems that the stream decoder is destroyed but its reference is called in `router.onDestroy()`, causing segment fault. This will impact ext_authz if the `upgrade` and `connection` header are allowed, and request mirrorring. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: < 1.28.7 Version: >= 1.29.0, < 1.29.9 Version: >= 1.30.0, < 1.30.6 Version: >= 1.31.2, < 1.31.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:17:32.357987Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:17:39.663Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003c 1.28.7"
},
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c 1.29.9"
},
{
"status": "affected",
"version": "\u003e= 1.30.0, \u003c 1.30.6"
},
{
"status": "affected",
"version": "\u003e= 1.31.2, \u003c 1.31.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during the `sendLocalReply()` in http async client, one reason is http async client is duplicating the status code, another one is the destroy of router is called at the destructor of the async stream, while the stream is deferred deleted at first. There will be problems that the stream decoder is destroyed but its reference is called in `router.onDestroy()`, causing segment fault. This will impact ext_authz if the `upgrade` and `connection` header are allowed, and request mirrorring. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T23:34:22.460Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-qm74-x36m-555q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-qm74-x36m-555q"
}
],
"source": {
"advisory": "GHSA-qm74-x36m-555q",
"discovery": "UNKNOWN"
},
"title": "Envoy crashes for LocalReply in http async client"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45810",
"datePublished": "2024-09-19T23:34:22.460Z",
"dateReserved": "2024-09-09T14:23:07.505Z",
"dateUpdated": "2024-09-20T17:17:39.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35942 (GCVE-0-2023-35942)
Vulnerability from cvelistv5
Published
2023-07-25 18:24
Modified
2024-10-24 18:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a `use-after-free` crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, disable gRPC access log or stop listener update.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.26.0, < 1.26.4 Version: >= 1.25.0, < 1.25.9 Version: >= 1.24.0, < 1.24.10 Version: < 1.23.12 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-69vr-g55c-v2v4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-69vr-g55c-v2v4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35942",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T18:00:49.771065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:01:03.748Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.26.0, \u003c 1.26.4"
},
{
"status": "affected",
"version": "\u003e= 1.25.0, \u003c 1.25.9"
},
{
"status": "affected",
"version": "\u003e= 1.24.0, \u003c 1.24.10"
},
{
"status": "affected",
"version": "\u003c 1.23.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener\u0027s global scope can cause a `use-after-free` crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, disable gRPC access log or stop listener update."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T18:24:11.613Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-69vr-g55c-v2v4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-69vr-g55c-v2v4"
}
],
"source": {
"advisory": "GHSA-69vr-g55c-v2v4",
"discovery": "UNKNOWN"
},
"title": "Envoy\u0027s gRPC access log crash caused by the listener draining"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-35942",
"datePublished": "2023-07-25T18:24:11.613Z",
"dateReserved": "2023-06-20T14:02:45.596Z",
"dateUpdated": "2024-10-24T18:01:03.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23325 (GCVE-0-2024-23325)
Vulnerability from cvelistv5
Published
2024-02-09 22:47
Modified
2024-08-27 16:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.29.0, < 1.29.1 Version: >= 1.28.0, < 1.28.1 Version: >= 1.27.0, < 1.27.3 Version: < 1.26.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/bacd3107455b8d387889467725eb72aa0d5b5237",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/bacd3107455b8d387889467725eb72aa0d5b5237"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"lessThan": "1.29.1",
"status": "affected",
"version": "1.29.0",
"versionType": "custom"
},
{
"lessThan": "1.28.1",
"status": "affected",
"version": "1.28.0",
"versionType": "custom"
},
{
"lessThan": "1.27.3",
"status": "affected",
"version": "1.27.0",
"versionType": "custom"
},
{
"lessThan": "1.26.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-13T15:17:31.291828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T16:33:56.336Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c 1.29.1"
},
{
"status": "affected",
"version": "\u003e= 1.28.0, \u003c 1.28.1"
},
{
"status": "affected",
"version": "\u003e= 1.27.0, \u003c 1.27.3"
},
{
"status": "affected",
"version": "\u003c 1.26.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn\u2019t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-09T22:47:13.048Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/bacd3107455b8d387889467725eb72aa0d5b5237",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/bacd3107455b8d387889467725eb72aa0d5b5237"
}
],
"source": {
"advisory": "GHSA-5m7c-mrwr-pm26",
"discovery": "UNKNOWN"
},
"title": "Envoy crashes when using an address type that isn\u2019t supported by the OS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23325",
"datePublished": "2024-02-09T22:47:13.048Z",
"dateReserved": "2024-01-15T15:19:19.440Z",
"dateUpdated": "2024-08-27T16:33:56.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35943 (GCVE-0-2023-35943)
Vulnerability from cvelistv5
Published
2023-07-25 18:26
Modified
2024-10-24 18:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted between `decodeHeaders`and `encodeHeaders`. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, do not remove the `origin` header in the Envoy configuration.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| envoyproxy | envoy |
Version: >= 1.26.0, < 1.26.4 Version: >= 1.25.0, < 1.25.9 Version: >= 1.24.0, < 1.24.10 Version: < 1.23.12 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-mc6h-6j9x-v3gq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-mc6h-6j9x-v3gq"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35943",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T18:03:26.911512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:03:36.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.26.0, \u003c 1.26.4"
},
{
"status": "affected",
"version": "\u003e= 1.25.0, \u003c 1.25.9"
},
{
"status": "affected",
"version": "\u003e= 1.24.0, \u003c 1.24.10"
},
{
"status": "affected",
"version": "\u003c 1.23.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted between `decodeHeaders`and `encodeHeaders`. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, do not remove the `origin` header in the Envoy configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T18:26:23.571Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-mc6h-6j9x-v3gq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-mc6h-6j9x-v3gq"
}
],
"source": {
"advisory": "GHSA-mc6h-6j9x-v3gq",
"discovery": "UNKNOWN"
},
"title": "Envoy vulnerable to CORS filter segfault when origin header is removed "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-35943",
"datePublished": "2023-07-25T18:26:23.571Z",
"dateReserved": "2023-06-20T14:02:45.597Z",
"dateUpdated": "2024-10-24T18:03:36.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-04-25 16:29
Modified
2024-11-21 04:52
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/envoyproxy/envoy/issues/6435 | Issue Tracking, Mitigation, Third Party Advisory | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcx5-93pw-jw2w | ||
| cve@mitre.org | https://groups.google.com/forum/#%21topic/envoy-announce/VoHfnDqZiAM | ||
| cve@mitre.org | https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/issues/6435 | Issue Tracking, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcx5-93pw-jw2w | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/forum/#%21topic/envoy-announce/VoHfnDqZiAM | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF47B6A7-F357-4074-B90D-8BEB0AB53DC0",
"versionEndIncluding": "1.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provided for by the access control policy."
},
{
"lang": "es",
"value": "Envoy versi\u00f3n 1.9.0 y anteriores no normalizan las path URL HTTP. Un atacante remoto puede crear un path relativo, por ejemplo, algo/.. /admin, para omitir el control de acceso, por ejemplo, un bloque en/admin. A continuaci\u00f3n, un servidor back-end podr\u00eda interpretar el path no normalizado y suministrar a un atacante acceso m\u00e1s all\u00e1 del \u00e1mbito suministrado por la Directiva de control de acceso."
}
],
"id": "CVE-2019-9901",
"lastModified": "2024-11-21T04:52:32.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.7,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-25T16:29:01.200",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/issues/6435"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcx5-93pw-jw2w"
},
{
"source": "cve@mitre.org",
"url": "https://groups.google.com/forum/#%21topic/envoy-announce/VoHfnDqZiAM"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/issues/6435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcx5-93pw-jw2w"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21topic/envoy-announce/VoHfnDqZiAM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-706"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-20 00:15
Modified
2024-09-25 17:12
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the `oghttp2` by default. The impact of this issue is that envoy will crash. This issue has been addressed in release version 1.31.2. All users are advised to upgrade. There are no known workarounds for this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C765FFC0-2FF7-4318-A347-2AFCAD0E7C74",
"versionEndExcluding": "1.31.2",
"versionStartIncluding": "1.31.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy\u0027s 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the `oghttp2` by default. The impact of this issue is that envoy will crash. This issue has been addressed in release version 1.31.2. All users are advised to upgrade. There are no known workarounds for this issue."
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio, de borde y de medio alcance de alto rendimiento nativo de la nube. La versi\u00f3n 1.31 de Envoy utiliza `oghttp` como el c\u00f3dec HTTP/2 predeterminado y existen posibles errores en la administraci\u00f3n de transmisiones en el c\u00f3dec. Para resolver esto, Envoy desactivar\u00e1 `oghttp2` de manera predeterminada. El impacto de este problema es que Envoy se bloquear\u00e1. Este problema se ha solucionado en la versi\u00f3n 1.31.2. Se recomienda a todos los usuarios que actualicen. No existen workarounds conocidas para este problema."
}
],
"id": "CVE-2024-45807",
"lastModified": "2024-09-25T17:12:38.380",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-20T00:15:02.520",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-qc52-r4x5-9w37"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-670"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-04 19:15
Modified
2024-11-21 07:53
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed requests, potentially leading to a bypass of security policies. This issue is fixed in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://datatracker.ietf.org/doc/html/rfc9113#section-8.3 | Not Applicable | |
| security-advisories@github.com | https://datatracker.ietf.org/doc/html/rfc9114#section-4.3.1 | Not Applicable | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp | Exploit, Vendor Advisory | |
| security-advisories@github.com | https://www.rfc-editor.org/rfc/rfc9110#section-5.6.2 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://datatracker.ietf.org/doc/html/rfc9113#section-8.3 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://datatracker.ietf.org/doc/html/rfc9114#section-4.3.1 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.rfc-editor.org/rfc/rfc9110#section-5.6.2 | Not Applicable |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD93214-C958-4A69-9291-15D1C22CFD3F",
"versionEndExcluding": "1.22.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17BFB303-DA5A-4E83-93F7-3C1EA340E434",
"versionEndExcluding": "1.23.6",
"versionStartIncluding": "1.23.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92B633B8-FA4A-4630-9302-96F2C8336E36",
"versionEndExcluding": "1.24.4",
"versionStartIncluding": "1.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AFC6741-6FDF-47F6-A4AF-B5F5233ABB71",
"versionEndExcluding": "1.25.3",
"versionStartIncluding": "1.25.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed requests, potentially leading to a bypass of security policies. This issue is fixed in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9."
}
],
"id": "CVE-2023-27491",
"lastModified": "2024-11-21T07:53:00.813",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-04T19:15:07.150",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
],
"url": "https://datatracker.ietf.org/doc/html/rfc9113#section-8.3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
],
"url": "https://datatracker.ietf.org/doc/html/rfc9114#section-4.3.1"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp"
},
{
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
],
"url": "https://www.rfc-editor.org/rfc/rfc9110#section-5.6.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://datatracker.ietf.org/doc/html/rfc9113#section-8.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://datatracker.ietf.org/doc/html/rfc9114#section-4.3.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://www.rfc-editor.org/rfc/rfc9110#section-5.6.2"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-01 17:15
Modified
2024-11-21 05:16
Severity ?
Summary
Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy() header map API does not replace all existing occurences of a non-inline header.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w | Exploit, Third Party Advisory | |
| cve@mitre.org | https://groups.google.com/forum/#%21forum/envoy-security-announce | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/forum/#%21forum/envoy-security-announce |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F453FD36-FC1A-402A-9710-411CDCAA7267",
"versionEndExcluding": "1.12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03F35E43-8693-4A3F-BBCD-BF71498D5607",
"versionEndExcluding": "1.13.4",
"versionStartIncluding": "1.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B80A633C-5843-4229-A733-30C7B366AC57",
"versionEndExcluding": "1.14.4",
"versionStartIncluding": "1.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67FC80BB-FF91-4A5C-987E-CC5902586F44",
"versionEndExcluding": "1.15.1",
"versionStartIncluding": "1.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy\u2019s setCopy() header map API does not replace all existing occurences of a non-inline header."
},
{
"lang": "es",
"value": "Envoy versiones hasta 1.15.0, solo considera el primer valor cuando m\u00faltiples valores de encabezado est\u00e1n presentes para algunos encabezados HTTP.\u0026#xa0;La API de mapa de encabezado de la funci\u00f3n setCopy() de Envoy no reemplaza todas las ocurrencias existentes de un encabezado no en l\u00ednea"
}
],
"id": "CVE-2020-25017",
"lastModified": "2024-11-21T05:16:31.453",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-01T17:15:13.337",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w"
},
{
"source": "cve@mitre.org",
"url": "https://groups.google.com/forum/#%21forum/envoy-security-announce"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21forum/envoy-security-announce"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-04 19:15
Modified
2024-11-21 07:53
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled and trigger crashes.
As of versions versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy no longer invokes the Lua coroutine if the filter has been reset. As a workaround for those whose Lua filter is buffering all requests/ responses, mitigate by using the buffer filter to avoid triggering the local reply in the Lua filter.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-wpc2-2jp6-ppg2 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-wpc2-2jp6-ppg2 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD93214-C958-4A69-9291-15D1C22CFD3F",
"versionEndExcluding": "1.22.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17BFB303-DA5A-4E83-93F7-3C1EA340E434",
"versionEndExcluding": "1.23.6",
"versionStartIncluding": "1.23.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92B633B8-FA4A-4630-9302-96F2C8336E36",
"versionEndExcluding": "1.24.4",
"versionStartIncluding": "1.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AFC6741-6FDF-47F6-A4AF-B5F5233ABB71",
"versionEndExcluding": "1.25.3",
"versionStartIncluding": "1.25.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled and trigger crashes.\n\nAs of versions versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy no longer invokes the Lua coroutine if the filter has been reset. As a workaround for those whose Lua filter is buffering all requests/ responses, mitigate by using the buffer filter to avoid triggering the local reply in the Lua filter."
}
],
"id": "CVE-2023-27492",
"lastModified": "2024-11-21T07:53:00.940",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-04T19:15:07.217",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-wpc2-2jp6-ppg2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-wpc2-2jp6-ppg2"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-24 21:15
Modified
2024-11-21 06:07
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to DRAINING when it receives a SETTING frame with the SETTINGS_MAX_CONCURRENT_STREAMS parameter set to 0. Receiving these two frames in the same I/O event results in abnormal termination of the Envoy process due to invalid state transition from CLOSED to DRAINING. A sequence of H/2 frames delivered by an untrusted upstream server will result in Denial of Service in the presence of untrusted **upstream** servers. Envoy versions 1.19.1, 1.18.4 contain fixes to stop processing of pending H/2 frames after connection transition to the CLOSED state.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8 | Third Party Advisory | |
| security-advisories@github.com | https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | 1.19.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7376E28-9915-4CA1-A5DB-40874D10E781",
"versionEndExcluding": "1.18.4",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1968AA35-60E2-4A00-84A0-617738B55D33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to DRAINING when it receives a SETTING frame with the SETTINGS_MAX_CONCURRENT_STREAMS parameter set to 0. Receiving these two frames in the same I/O event results in abnormal termination of the Envoy process due to invalid state transition from CLOSED to DRAINING. A sequence of H/2 frames delivered by an untrusted upstream server will result in Denial of Service in the presence of untrusted **upstream** servers. Envoy versions 1.19.1, 1.18.4 contain fixes to stop processing of pending H/2 frames after connection transition to the CLOSED state."
},
{
"lang": "es",
"value": "Envoy es un proxy L7 de c\u00f3digo abierto y un bus de comunicaci\u00f3n dise\u00f1ado para grandes arquitecturas modernas orientadas a servicios. En las versiones afectadas, Envoy lleva a cabo una transici\u00f3n de una conexi\u00f3n H/2 al estado CLOSED cuando recibe una trama GOAWAY sin ning\u00fan flujo pendiente. El estado de la conexi\u00f3n pasa a DRAINING cuando recibe una trama SETTING con el par\u00e1metro SETTINGS_MAX_CONCURRENT_STREAMS ajustado a 0. Recibiendo estas dos tramas en el mismo evento de E/S resulta en una terminaci\u00f3n anormal del proceso Envoy debido a una transici\u00f3n de estado no v\u00e1lida de CLOSED a DRAINING. Una secuencia de tramas H/2 entregada por un servidor upstream no confiable resultar\u00e1 en una Denegaci\u00f3n de Servicio en presencia de servidores **upstream** no confiables. Envoy versiones 1.19.1 y 1.18.4, contienen correcciones para detener el procesamiento de las tramas H/2 pendientes despu\u00e9s de la transici\u00f3n de la conexi\u00f3n al estado CLOSED."
}
],
"id": "CVE-2021-32780",
"lastModified": "2024-11-21T06:07:43.583",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-24T21:15:09.947",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-25 19:15
Modified
2024-11-21 08:09
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, this can lead to the rejection of requests with mixed-case schemes such as `htTp` or `htTps`, or the bypassing of some requests such as `https` in unencrypted connections. With a fix in versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, Envoy will now lowercase scheme values by default, and change the internal scheme checks that were case-sensitive to be case-insensitive. There are no known workarounds for this issue.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-pvgm-7jpg-pw5g | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-pvgm-7jpg-pw5g | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "588736F6-2FDC-4CF7-AFFA-7CFE16ED6EC6",
"versionEndExcluding": "1.23.12",
"versionStartIncluding": "1.23.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8412E60-1C2F-4764-94F5-563FAA297466",
"versionEndExcluding": "1.24.10",
"versionStartIncluding": "1.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EC8FEB8-BB13-443C-8905-30B03F8F52E6",
"versionEndExcluding": "1.25.9",
"versionStartIncluding": "1.25.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA35F763-2810-4231-B5A9-93310BF7B765",
"versionEndExcluding": "1.26.4",
"versionStartIncluding": "1.26.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, this can lead to the rejection of requests with mixed-case schemes such as `htTp` or `htTps`, or the bypassing of some requests such as `https` in unencrypted connections. With a fix in versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, Envoy will now lowercase scheme values by default, and change the internal scheme checks that were case-sensitive to be case-insensitive. There are no known workarounds for this issue."
}
],
"id": "CVE-2023-35944",
"lastModified": "2024-11-21T08:09:01.713",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-25T19:15:11.240",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-pvgm-7jpg-pw5g"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-pvgm-7jpg-pw5g"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-14 22:15
Modified
2024-11-21 05:04
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. For example, with a SAN of *.example.com, Envoy would incorrectly allow nested.subdomain.example.com, when it should only allow subdomain.example.com. This defect applies to both validating a client TLS certificate in mTLS, and validating a server TLS certificate for upstream connections. This vulnerability is only applicable to situations where an untrusted entity can obtain a signed wildcard TLS certificate for a domain of which you only intend to trust a subdomain of. For example, if you intend to trust api.mysubdomain.example.com, and an untrusted actor can obtain a signed TLS certificate for *.example.com or *.com. Configurations are vulnerable if they use verify_subject_alt_name in any Envoy version, or if they use match_subject_alt_names in version 1.14 or later. This issue has been fixed in Envoy versions 1.12.6, 1.13.4, 1.14.4, 1.15.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40CF9EE0-3EFC-4E23-9E96-6860686D68F9",
"versionEndExcluding": "1.12.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03F35E43-8693-4A3F-BBCD-BF71498D5607",
"versionEndExcluding": "1.13.4",
"versionStartIncluding": "1.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B80A633C-5843-4229-A733-30C7B366AC57",
"versionEndExcluding": "1.14.4",
"versionStartIncluding": "1.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. For example, with a SAN of *.example.com, Envoy would incorrectly allow nested.subdomain.example.com, when it should only allow subdomain.example.com. This defect applies to both validating a client TLS certificate in mTLS, and validating a server TLS certificate for upstream connections. This vulnerability is only applicable to situations where an untrusted entity can obtain a signed wildcard TLS certificate for a domain of which you only intend to trust a subdomain of. For example, if you intend to trust api.mysubdomain.example.com, and an untrusted actor can obtain a signed TLS certificate for *.example.com or *.com. Configurations are vulnerable if they use verify_subject_alt_name in any Envoy version, or if they use match_subject_alt_names in version 1.14 or later. This issue has been fixed in Envoy versions 1.12.6, 1.13.4, 1.14.4, 1.15.0."
},
{
"lang": "es",
"value": "En Envoy versiones anteriores a 1.12.6, 1.13.4, 1.14.4 y 1.15.0, cuando se comprueban los certificados TLS, Envoy permitir\u00eda incorrectamente aplicar un DNS Subject Alternative Name comod\u00edn a m\u00faltiples subdominios. Por ejemplo, con una SAN de *.example.com, Envoy permitir\u00eda incorrectamente el nested.subdomain.example.com, cuando solo deber\u00eda permitir el subdomain.example.com. Este fallo aplica para ambos comprobaciones de un certificado TLS del cliente en mTLS y a la comprobaci\u00f3n de un certificado TLS del servidor para conexiones anteriores. Esta vulnerabilidad solo es aplicable a situaciones en las que una entidad no confiable puede obtener un certificado TLS comod\u00edn firmado para un dominio en el que solo desea confiar en un subdominio. Por ejemplo, si tiene la intenci\u00f3n de confiar en api.mysubdomain.example.com, y un actor no confiable puede obtener un certificado TLS firmado para *.example.com o *.com. Las configuraciones son vulnerables si usan verify_subject_alt_name en cualquier versi\u00f3n de Envoy, o si usan match_subject_alt_names en la versi\u00f3n 1.14 o posteriores. Este problema ha sido corregido en las versiones de Envoy 1.12.6, 1.13.4, 1.14.4, 1.15.0"
}
],
"id": "CVE-2020-15104",
"lastModified": "2024-11-21T05:04:49.137",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-14T22:15:10.937",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5f5-6qhq-hhrg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5f5-6qhq-hhrg"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-24 21:15
Modified
2024-11-21 06:07
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the internal buffer overflow while request or response is processed by the filter chain the operation may not be stopped completely and result in accessing a freed memory block. A specifically constructed request delivered by an untrusted downstream or upstream peer in the presence of extensions that modify and increase the size of request or response bodies resulting in a Denial of Service when using extensions that modify and increase the size of request or response bodies, such as decompressor filter. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to address incomplete termination of request processing after locally generated response. As a workaround disable Envoy's decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies, if feasible.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-5vhv-gp9v-42qv | Third Party Advisory | |
| security-advisories@github.com | https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-5vhv-gp9v-42qv | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | 1.19.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC3BF7F-5B28-4765-8C6F-E2437A4B425D",
"versionEndExcluding": "1.16.5",
"versionStartIncluding": "1.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83547329-1394-417F-93DB-70C1A9D173B0",
"versionEndExcluding": "1.17.4",
"versionStartIncluding": "1.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7376E28-9915-4CA1-A5DB-40874D10E781",
"versionEndExcluding": "1.18.4",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1968AA35-60E2-4A00-84A0-617738B55D33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the internal buffer overflow while request or response is processed by the filter chain the operation may not be stopped completely and result in accessing a freed memory block. A specifically constructed request delivered by an untrusted downstream or upstream peer in the presence of extensions that modify and increase the size of request or response bodies resulting in a Denial of Service when using extensions that modify and increase the size of request or response bodies, such as decompressor filter. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to address incomplete termination of request processing after locally generated response. As a workaround disable Envoy\u0027s decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies, if feasible."
},
{
"lang": "es",
"value": "Envoy es un proxy L7 de c\u00f3digo abierto y un bus de comunicaci\u00f3n dise\u00f1ado para grandes arquitecturas modernas orientadas a servicios. En las versiones afectadas, despu\u00e9s de que Envoy env\u00ede una respuesta generada localmente, debe detener el procesamiento posterior de los datos de la petici\u00f3n o la respuesta. Sin embargo, cuando la respuesta local es generada debido al desbordamiento del b\u00fafer interno mientras la petici\u00f3n o la respuesta es procesada por la cadena de filtrado, la operaci\u00f3n puede no detenerse completamente y resultar en el acceso a un bloque de memoria liberado. Una petici\u00f3n construida espec\u00edficamente y entregada por un peer descendente o ascendente que no es confiable en presencia de extensiones que modifican y aumentan el tama\u00f1o de los cuerpos de la petici\u00f3n o la respuesta, resultando en una Denegaci\u00f3n de Servicio cuando son usadas extensiones que modifican y aumentan el tama\u00f1o de los cuerpos de la petici\u00f3n o la respuesta, como el filtro descompresor. Envoy versiones 1.19.1, 1.18.4, 1.17.4 y 1.16.5, contienen correcciones para solucionar la terminaci\u00f3n incompleta del procesamiento de peticiones tras la respuesta generada localmente. Como soluci\u00f3n, deshabilite las extensiones decompressor, json-transcoder o grpc-web de Envoy o las extensiones propietarias que modifican y aumentan el tama\u00f1o de los cuerpos de las peticiones o respuestas, si es posible."
}
],
"id": "CVE-2021-32781",
"lastModified": "2024-11-21T06:07:43.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-24T21:15:10.157",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5vhv-gp9v-42qv"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5vhv-gp9v-42qv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-20 00:15
Modified
2024-09-24 20:12
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clear_route_cache is enabled on the provider; 3. header operations are enabled in JWT filter, e.g. header to claims feature; 4. the routing table is configured in a way that the JWT header operations modify requests to not match any route. When these conditions are met, a crash is triggered in the upstream code due to nullptr reference conversion from route(). The root cause is the ordering of continueDecoding and clearRouteCache. This issue has been addressed in versions 1.31.2, 1.30.6, and 1.29.9. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-wqr5-qmq7-3qw3 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E442EF13-A99D-42B9-BC76-AC398C32D132",
"versionEndExcluding": "1.29.9",
"versionStartIncluding": "1.29.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9685C62-CFE4-43C5-B0C2-1C6722FB4F64",
"versionEndExcluding": "1.30.6",
"versionStartIncluding": "1.30.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C765FFC0-2FF7-4318-A347-2AFCAD0E7C74",
"versionEndExcluding": "1.31.2",
"versionStartIncluding": "1.31.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clear_route_cache is enabled on the provider; 3. header operations are enabled in JWT filter, e.g. header to claims feature; 4. the routing table is configured in a way that the JWT header operations modify requests to not match any route. When these conditions are met, a crash is triggered in the upstream code due to nullptr reference conversion from route(). The root cause is the ordering of continueDecoding and clearRouteCache. This issue has been addressed in versions 1.31.2, 1.30.6, and 1.29.9. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio/per\u00edmetro/medio de alto rendimiento nativo de la nube. El filtro JWT provocar\u00e1 un bloqueo de Envoy cuando se borre la cach\u00e9 de ruta con JWK remotos. En el siguiente caso: 1. se utilizan JWK remotos, lo que requiere procesamiento de encabezado asincr\u00f3nico; 2. clear_route_cache est\u00e1 habilitado en el proveedor; 3. las operaciones de encabezado est\u00e1n habilitadas en el filtro JWT, por ejemplo, la funci\u00f3n de encabezado a reclamos; 4. la tabla de enrutamiento est\u00e1 configurada de manera que las operaciones de encabezado JWT modifiquen las solicitudes para que no coincidan con ninguna ruta. Cuando se cumplen estas condiciones, se activa un bloqueo en el c\u00f3digo ascendente debido a la conversi\u00f3n de referencia nullptr de route(). La causa principal es el orden de continueDecoding y clearRouteCache. Este problema se ha solucionado en las versiones 1.31.2, 1.30.6 y 1.29.9. Se recomienda a los usuarios que actualicen. No existen workarounds conocidas para esta vulnerabilidad."
}
],
"id": "CVE-2024-45809",
"lastModified": "2024-09-24T20:12:24.597",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-20T00:15:02.930",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-wqr5-qmq7-3qw3"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-25 19:15
Modified
2024-11-21 08:09
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted between `decodeHeaders`and `encodeHeaders`. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, do not remove the `origin` header in the Envoy configuration.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-mc6h-6j9x-v3gq | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-mc6h-6j9x-v3gq | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "588736F6-2FDC-4CF7-AFFA-7CFE16ED6EC6",
"versionEndExcluding": "1.23.12",
"versionStartIncluding": "1.23.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8412E60-1C2F-4764-94F5-563FAA297466",
"versionEndExcluding": "1.24.10",
"versionStartIncluding": "1.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EC8FEB8-BB13-443C-8905-30B03F8F52E6",
"versionEndExcluding": "1.25.9",
"versionStartIncluding": "1.25.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA35F763-2810-4231-B5A9-93310BF7B765",
"versionEndExcluding": "1.26.4",
"versionStartIncluding": "1.26.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted between `decodeHeaders`and `encodeHeaders`. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, do not remove the `origin` header in the Envoy configuration."
}
],
"id": "CVE-2023-35943",
"lastModified": "2024-11-21T08:09:01.543",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 4.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-25T19:15:11.153",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-mc6h-6j9x-v3gq"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-mc6h-6j9x-v3gq"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-20 00:15
Modified
2024-10-15 16:03
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's default configuration of internal trust boundaries, which considers all RFC1918 private address ranges as internal. The default behavior for handling internal addresses in Envoy has been changed. Previously, RFC1918 IP addresses were automatically considered internal, even if the internal_address_config was empty. The default configuration of Envoy will continue to trust internal addresses while in this release and it will not trust them by default in next release. If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary x-envoy headers) please explicitly include those addresses or CIDR ranges into `internal_address_config`. Successful exploitation could allow attackers to bypass security controls, access sensitive data, or disrupt services within the mesh, like Istio. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E423BE-4022-47AB-A5D4-B218627517DD",
"versionEndExcluding": "1.28.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E442EF13-A99D-42B9-BC76-AC398C32D132",
"versionEndExcluding": "1.29.9",
"versionStartIncluding": "1.29.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9685C62-CFE4-43C5-B0C2-1C6722FB4F64",
"versionEndExcluding": "1.30.6",
"versionStartIncluding": "1.30.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C765FFC0-2FF7-4318-A347-2AFCAD0E7C74",
"versionEndExcluding": "1.31.2",
"versionStartIncluding": "1.31.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy\u0027s default configuration of internal trust boundaries, which considers all RFC1918 private address ranges as internal. The default behavior for handling internal addresses in Envoy has been changed. Previously, RFC1918 IP addresses were automatically considered internal, even if the internal_address_config was empty. The default configuration of Envoy will continue to trust internal addresses while in this release and it will not trust them by default in next release. If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary x-envoy headers) please explicitly include those addresses or CIDR ranges into `internal_address_config`. Successful exploitation could allow attackers to bypass security controls, access sensitive data, or disrupt services within the mesh, like Istio. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio, de borde y de medio alcance de alto rendimiento nativo de la nube. Una vulnerabilidad de seguridad en Envoy permite que los clientes externos manipulen los encabezados de Envoy, lo que puede provocar un acceso no autorizado u otras acciones maliciosas dentro de la malla. Este problema surge debido a la configuraci\u00f3n predeterminada de Envoy de los l\u00edmites de confianza internos, que considera todos los rangos de direcciones privadas RFC1918 como internos. Se ha cambiado el comportamiento predeterminado para manejar direcciones internas en Envoy. Anteriormente, las direcciones IP RFC1918 se consideraban internas autom\u00e1ticamente, incluso si internal_address_config estaba vac\u00edo. La configuraci\u00f3n predeterminada de Envoy seguir\u00e1 confiando en las direcciones internas mientras est\u00e9 en esta versi\u00f3n y no confiar\u00e1 en ellas de forma predeterminada en la pr\u00f3xima versi\u00f3n. Si tiene herramientas como sondas en su red privada que deben tratarse como confiables (por ejemplo, cambiando encabezados x-envoy arbitrarios), incluya expl\u00edcitamente esas direcciones o rangos CIDR en `internal_address_config`. Una explotaci\u00f3n exitosa podr\u00eda permitir a los atacantes eludir los controles de seguridad, acceder a datos confidenciales o interrumpir servicios dentro de la malla, como Istio. Este problema se ha solucionado en las versiones 1.31.2, 1.30.6, 1.29.9 y 1.28.7. Se recomienda a los usuarios que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2024-45806",
"lastModified": "2024-10-15T16:03:44.943",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-20T00:15:02.293",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-09 20:15
Modified
2024-11-21 06:58
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecoding() shouldn’t ever be called from filters after a local reply has been sent. Users are advised to upgrade. There are no known workarounds for this issue.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-rww6-8h7g-8jf6 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-rww6-8h7g-8jf6 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "343FE7CD-C2BF-42EE-8384-AAD008BE690D",
"versionEndExcluding": "1.22.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecoding() shouldn\u2019t ever be called from filters after a local reply has been sent. Users are advised to upgrade. There are no known workarounds for this issue."
},
{
"lang": "es",
"value": "Envoy es un proxy de alto rendimiento nativo de la nube. En versiones anteriores a 1.22.1, el filtro OAuth intentaba invocar al resto de filtros de la cadena despu\u00e9s de emitir una respuesta local, lo que desencadena un ASSERT() en las versiones m\u00e1s recientes y corrompe la memoria en las versiones anteriores. continueDecoding() no deber\u00eda llamarse nunca desde los filtros despu\u00e9s de enviar una respuesta local. Es recomendado a usuarios actualizar. No se presentan mitigaciones conocidas para este problema"
}
],
"id": "CVE-2022-29228",
"lastModified": "2024-11-21T06:58:45.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-09T20:15:08.197",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-rww6-8h7g-8jf6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-rww6-8h7g-8jf6"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-09 22:15
Modified
2024-11-21 06:18
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted *upstream* servers. 0.15.1 contains an upgraded envoy binary with this vulnerability patched. If only trusted upstreams are configured, there is not substantial risk of this condition being triggered.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8 | Third Party Advisory | |
| security-advisories@github.com | https://github.com/pomerium/pomerium/security/advisories/GHSA-gjcg-vrxg-xmgv | Third Party Advisory | |
| security-advisories@github.com | https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ | Not Applicable, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pomerium/pomerium/security/advisories/GHSA-gjcg-vrxg-xmgv | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ | Not Applicable, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | 1.19.0 | |
| pomerium | pomerium | 0.15.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87D8ACC9-935D-48FC-8916-0452548EE337",
"versionEndExcluding": "1.18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1968AA35-60E2-4A00-84A0-617738B55D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pomerium:pomerium:0.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0082414-BE21-4DDC-8B84-5DC9F9BAE8E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted *upstream* servers. 0.15.1 contains an upgraded envoy binary with this vulnerability patched. If only trusted upstreams are configured, there is not substantial risk of this condition being triggered."
},
{
"lang": "es",
"value": "Pomerium es un proxy de acceso de c\u00f3digo abierto consciente de la identidad. Envoy, en el que es basado Pomerium, puede terminar anormalmente si se recibe una trama H/2 GOAWAY y SETTINGS en el mismo evento IO. Esto puede conllevar a un DoS en presencia de servidores *upstream* no confiables. La versi\u00f3n 0.15.1 contiene un binario envoy actualizado con esta vulnerabilidad parcheada. Si s\u00f3lo se configuran upstreams confiables, no se presenta un riesgo sustancial de que se desencadene esta condici\u00f3n"
}
],
"id": "CVE-2021-39162",
"lastModified": "2024-11-21T06:18:45.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2021-09-09T22:15:09.050",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-gjcg-vrxg-xmgv"
},
{
"source": "security-advisories@github.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-gjcg-vrxg-xmgv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-15 02:15
Modified
2024-11-21 04:58
Severity ?
Summary
Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the server(s) listening behind *.example.com. The outcome should instead be 421 Misdirected Request. Imagine a shared caching forward proxy re-using an HTTP/2 connection for a large subnet with many users. If a victim is interacting with abc.example.com, and a server (for abc.example.com) recycles the TCP connection to the forward proxy, the victim's browser may suddenly start sending sensitive data to a *.example.com server. This occurs because the forward proxy between the victim and the origin server reuses connections (which obeys the specification), but neither Istio nor Envoy corrects this by sending a 421 error. Similarly, this behavior voids the security model browsers have put in place between domains.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.chromium.org/p/chromium/issues/detail?id=954160#c5 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/issues/6767 | Third Party Advisory | |
| cve@mitre.org | https://github.com/istio/istio/issues/13589 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/istio/istio/issues/9429 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/chromium/issues/detail?id=954160#c5 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/issues/6767 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/istio/istio/issues/13589 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/istio/istio/issues/9429 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| istio | istio | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCE5F040-C8AF-4F73-AB1F-D0A2752AD185",
"versionEndIncluding": "1.14.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2122D404-F673-4F12-B91C-1338F3AEE5CC",
"versionEndIncluding": "1.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the server(s) listening behind *.example.com. The outcome should instead be 421 Misdirected Request. Imagine a shared caching forward proxy re-using an HTTP/2 connection for a large subnet with many users. If a victim is interacting with abc.example.com, and a server (for abc.example.com) recycles the TCP connection to the forward proxy, the victim\u0027s browser may suddenly start sending sensitive data to a *.example.com server. This occurs because the forward proxy between the victim and the origin server reuses connections (which obeys the specification), but neither Istio nor Envoy corrects this by sending a 421 error. Similarly, this behavior voids the security model browsers have put in place between domains."
},
{
"lang": "es",
"value": "Istio versiones hasta 1.5.1 y Envoy versiones hasta 1.14.1, presenta un problema de p\u00e9rdida de datos. Si existe una conexi\u00f3n TCP (negociada con SNI a trav\u00e9s de HTTPS) a *.example.com, se env\u00eda una petici\u00f3n de un dominio configurado de manera simult\u00e1nea expl\u00edcitamente (por ejemplo, abc.example.com) hacia los servidores que escuchan detr\u00e1s de * .example.com. El resultado en su lugar deber\u00eda ser 421 Misdirected Request. Imagine un proxy directo de almacenamiento en cach\u00e9 compartido que reutiliza una conexi\u00f3n HTTP/2 para una subred grande con muchos usuarios. Si una v\u00edctima est\u00e1 interactuando con abc.example.com, y un servidor (para abc.example.com) recicla la conexi\u00f3n TCP al proxy directo, el navegador de la v\u00edctima puede comenzar a enviar datos confidenciales hacia un servidor *.example.com. Esto ocurre porque el proxy de reenv\u00edo entre la v\u00edctima y el servidor de origen reutiliza las conexiones (que obedecen la especificaci\u00f3n), pero ni Istio ni Envoy corrigen esto al enviar un error 421. Del mismo modo, este comportamiento anula los modelos de seguridad que los navegadores han implementado entre dominios."
}
],
"id": "CVE-2020-11767",
"lastModified": "2024-11-21T04:58:34.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T02:15:14.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=954160#c5"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/issues/6767"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/istio/istio/issues/13589"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/istio/istio/issues/9429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=954160#c5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/issues/6767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/istio/istio/issues/13589"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/istio/istio/issues/9429"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-22 23:15
Modified
2024-11-21 06:29
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However when the buffer overflows while response is processed by the filter chain the operation may not be aborted correctly and result in accessing a freed memory block. If this happens Envoy will crash resulting in a denial of service.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EFC93D0-C206-417C-81D0-F18145E3D768",
"versionEndExcluding": "1.18.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2812AC62-44B5-4077-862D-A221CD88981D",
"versionEndExcluding": "1.19.3",
"versionStartIncluding": "1.19.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5441B2D-F807-4ED9-AFB9-ED4DE07CE5F8",
"versionEndExcluding": "1.20.2",
"versionStartIncluding": "1.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83895D03-DAD1-4893-8A1C-F9143DEEC172",
"versionEndExcluding": "1.21.1",
"versionStartIncluding": "1.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However when the buffer overflows while response is processed by the filter chain the operation may not be aborted correctly and result in accessing a freed memory block. If this happens Envoy will crash resulting in a denial of service."
},
{
"lang": "es",
"value": "Envoy es un proxy de borde y servicio de c\u00f3digo abierto, dise\u00f1ado para aplicaciones nativas de la nube. El env\u00edo de una respuesta generada localmente debe detener el procesamiento posterior de los datos de petici\u00f3n o respuesta. Envoy realiza un seguimiento de la cantidad de datos de petici\u00f3n y respuesta almacenados en el b\u00fafer y aborta la petici\u00f3n si la cantidad de datos almacenados en el b\u00fafer supera el l\u00edmite enviando 413 o 500 respuestas. Sin embargo, cuando el b\u00fafer es desbordado mientras la respuesta es procesada por la cadena de filtros, es posible que la operaci\u00f3n no sea abortada correctamente y que sea accedido a un bloque de memoria liberado. Si esto ocurre, Envoy ser\u00e1 bloqueado resultando en una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2021-43825",
"lastModified": "2024-11-21T06:29:52.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-22T23:15:10.890",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-04 16:15
Modified
2024-11-21 07:53
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header `x-envoy-original-path` should be an internal header, but Envoy does not remove this header from the request at the beginning of request processing when it is sent from an untrusted client. The faked header would then be used for trace logs and grpc logs, as well as used in the URL used for `jwt_authn` checks if the `jwt_authn` filter is used, and any other upstream use of the x-envoy-original-path header. Attackers may forge a trusted `x-envoy-original-path` header. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 have patches for this issue.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-5375-pq35-hf2g | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-5375-pq35-hf2g | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD93214-C958-4A69-9291-15D1C22CFD3F",
"versionEndExcluding": "1.22.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17BFB303-DA5A-4E83-93F7-3C1EA340E434",
"versionEndExcluding": "1.23.6",
"versionStartIncluding": "1.23.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92B633B8-FA4A-4630-9302-96F2C8336E36",
"versionEndExcluding": "1.24.4",
"versionStartIncluding": "1.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AFC6741-6FDF-47F6-A4AF-B5F5233ABB71",
"versionEndExcluding": "1.25.3",
"versionStartIncluding": "1.25.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header `x-envoy-original-path` should be an internal header, but Envoy does not remove this header from the request at the beginning of request processing when it is sent from an untrusted client. The faked header would then be used for trace logs and grpc logs, as well as used in the URL used for `jwt_authn` checks if the `jwt_authn` filter is used, and any other upstream use of the x-envoy-original-path header. Attackers may forge a trusted `x-envoy-original-path` header. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 have patches for this issue."
}
],
"id": "CVE-2023-27487",
"lastModified": "2024-11-21T07:53:00.290",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-04T16:15:07.343",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5375-pq35-hf2g"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5375-pq35-hf2g"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-13 13:15
Modified
2024-11-21 04:33
Severity ?
Summary
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used to bypass Envoy's access control mechanisms such as path based routing. An attacker can also modify requests from other users that happen to be proximal temporally and spatially.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:4222 | Third Party Advisory | |
| cve@mitre.org | https://blog.envoyproxy.io | Product | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/commits/master | Patch | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/security/advisories/GHSA-gxvv-x4p2-rppp | Exploit, Third Party Advisory | |
| cve@mitre.org | https://groups.google.com/forum/#%21forum/envoy-users | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:4222 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.envoyproxy.io | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commits/master | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-gxvv-x4p2-rppp | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/forum/#%21forum/envoy-users |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FE9447-DDAB-42A3-827A-DAB57328D902",
"versionEndIncluding": "1.12.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used to bypass Envoy\u0027s access control mechanisms such as path based routing. An attacker can also modify requests from other users that happen to be proximal temporally and spatially."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Envoy versi\u00f3n 1.12.0. Un cliente remoto no confiable puede enviar peticiones HTTP/2 que escriben en el pila fuera de los buffers de petici\u00f3n cuando el flujo ascendente es HTTP/1. Esto puede ser usado para corromper el contenido de la pila pr\u00f3ximo (lo que conlleva a un escenario de query-of-death) o se puede usar para omitir los mecanismos de control de acceso de Envoy, como el enrutamiento basado en la ruta. Un atacante tambi\u00e9n puede modificar las peticiones de otros usuarios que pasan a ser proximales temporal y espacialmente."
}
],
"id": "CVE-2019-18801",
"lastModified": "2024-11-21T04:33:35.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-13T13:15:11.303",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4222"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://blog.envoyproxy.io"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gxvv-x4p2-rppp"
},
{
"source": "cve@mitre.org",
"url": "https://groups.google.com/forum/#%21forum/envoy-users"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://blog.envoyproxy.io"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gxvv-x4p2-rppp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21forum/envoy-users"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-13 13:15
Modified
2024-11-21 04:33
Severity ?
Summary
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "example.com " one could bypass "example.com" matchers.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00034.html | ||
| cve@mitre.org | https://blog.envoyproxy.io | Product | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/commits/master | Patch | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://groups.google.com/forum/#%21forum/envoy-users | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00034.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.envoyproxy.io | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commits/master | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/forum/#%21forum/envoy-users |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FE9447-DDAB-42A3-827A-DAB57328D902",
"versionEndIncluding": "1.12.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat \"header-value \" as a different string from \"header-value\" so for example with the Host header \"example.com \" one could bypass \"example.com\" matchers."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Envoy versi\u00f3n 1.12.0. Un cliente remoto no confiable puede enviar un encabezado HTTP (como Host) con espacios en blanco despu\u00e9s del contenido del encabezado. Envoy tratar\u00e1 el \"header-value \" como una cadena diferente del \"header-value\", de modo que, por ejemplo, con el encabezado Host \"example.com \" se podr\u00edan omitir los comparadores de \"example.com\"."
}
],
"id": "CVE-2019-18802",
"lastModified": "2024-11-21T04:33:35.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-13T13:15:11.383",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00034.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://blog.envoyproxy.io"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4"
},
{
"source": "cve@mitre.org",
"url": "https://groups.google.com/forum/#%21forum/envoy-users"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://blog.envoyproxy.io"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21forum/envoy-users"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-22 23:15
Modified
2024-11-21 06:48
Severity ?
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS) all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle connections that can lead to stack exhaustion and abnormal process termination when a cluster has a large number of idle connections. This infinite recursion causes Envoy to crash. Users are advised to upgrade.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/commit/4b6dd3b53cd5c6d4d4df378a2fc62c1707522b31 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commit/4b6dd3b53cd5c6d4d4df378a2fc62c1707522b31 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | 1.21.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5441B2D-F807-4ED9-AFB9-ED4DE07CE5F8",
"versionEndExcluding": "1.20.2",
"versionStartIncluding": "1.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E0F077C-1153-43C1-88E2-5E41FDE5C6E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS) all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle connections that can lead to stack exhaustion and abnormal process termination when a cluster has a large number of idle connections. This infinite recursion causes Envoy to crash. Users are advised to upgrade."
},
{
"lang": "es",
"value": "Envoy es un proxy de borde y servicio de c\u00f3digo abierto, dise\u00f1ado para aplicaciones nativas de la nube. Cuando se elimina un cl\u00faster a trav\u00e9s del Servicio de Descubrimiento de Cl\u00fasteres (CDS), se desconectan todas las conexiones inactivas establecidas con los puntos finales de ese cl\u00faster. Se introdujo una recursi\u00f3n en el procedimiento de desconexi\u00f3n de las conexiones inactivas que puede llevar al agotamiento de la pila y a la terminaci\u00f3n anormal del proceso cuando un cl\u00faster tiene un gran n\u00famero de conexiones inactivas. Esta recursi\u00f3n infinita hace que Envoy se bloquee. Se aconseja a los usuarios que actualicen"
}
],
"id": "CVE-2022-23606",
"lastModified": "2024-11-21T06:48:55.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-22T23:15:11.337",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/4b6dd3b53cd5c6d4d4df378a2fc62c1707522b31"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/4b6dd3b53cd5c6d4d4df378a2fc62c1707522b31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-20 17:15
Modified
2024-11-21 06:00
Severity ?
Summary
An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.envoyproxy.io | Vendor Advisory | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/blob/15e3b9dbcc9aaa9d391fa8033904aad1ea1ae70d/api/envoy/api/v2/cluster.proto#L36 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/releases | Third Party Advisory | |
| nvd@nist.gov | https://github.com/envoyproxy/envoy/security/advisories/GHSA-r22g-5f3x-xjgg | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.envoyproxy.io | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/blob/15e3b9dbcc9aaa9d391fa8033904aad1ea1ae70d/api/envoy/api/v2/cluster.proto#L36 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/releases | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | 1.14.6 | |
| envoyproxy | envoy | 1.15.3 | |
| envoyproxy | envoy | 1.16.2 | |
| envoyproxy | envoy | 1.17.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F3DBF84E-6E48-4EBD-AC66-E345063B521F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B87350B3-58D6-4A1E-8A4A-8846D65070CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "065415B4-0F56-4AE3-B17D-B38416543DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA926D71-E8B2-40D9-9D44-CAC09EB4FCA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Envoy versiones hasta 1.71.1.\u0026#xa0;presenta un desbordamiento de enteros explotable remoto en el que un valor de grpc-timeout muy grande conlleva a c\u00e1lculos de tiempo de espera inesperados"
}
],
"id": "CVE-2021-28682",
"lastModified": "2024-11-21T06:00:07.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T17:15:07.680",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.envoyproxy.io"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/blob/15e3b9dbcc9aaa9d391fa8033904aad1ea1ae70d/api/envoy/api/v2/cluster.proto#L36"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/releases"
},
{
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-r22g-5f3x-xjgg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.envoyproxy.io"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/blob/15e3b9dbcc9aaa9d391fa8033904aad1ea1ae70d/api/envoy/api/v2/cluster.proto#L36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/releases"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-15 01:15
Modified
2024-11-21 05:27
Severity ?
Summary
Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/issues/14113 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/pull/14122 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/issues/14113 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/pull/14122 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49543588-1B38-4406-AE61-5414E7CD6B4B",
"versionEndExcluding": "1.16.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500."
},
{
"lang": "es",
"value": "Envoy versiones anteriores a 1.16.1, maneja inapropiadamente datagramas perdidos y truncados, como es demostrado por un fallo de segmentaci\u00f3n para un tama\u00f1o de paquete UDP m\u00e1s largo que 1500"
}
],
"id": "CVE-2020-35471",
"lastModified": "2024-11-21T05:27:21.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-15T01:15:13.870",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/issues/14113"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/pull/14122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/issues/14113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/pull/14122"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-22 23:15
Modified
2024-11-21 06:45
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's tls allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default tls settings are used. Users are advised to upgrade.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/commit/e9f936d85dc1edc34fabd0a1725ec180f2316353 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commit/e9f936d85dc1edc34fabd0a1725ec180f2316353 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62EFF3F2-C20D-497C-ADEC-9FF2FD141466",
"versionEndExcluding": "1.18.6",
"versionStartIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2812AC62-44B5-4077-862D-A221CD88981D",
"versionEndExcluding": "1.19.3",
"versionStartIncluding": "1.19.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5441B2D-F807-4ED9-AFB9-ED4DE07CE5F8",
"versionEndExcluding": "1.20.2",
"versionStartIncluding": "1.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83895D03-DAD1-4893-8A1C-F9143DEEC172",
"versionEndExcluding": "1.21.1",
"versionStartIncluding": "1.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy\u0027s tls allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default tls settings are used. Users are advised to upgrade."
},
{
"lang": "es",
"value": "Envoy es un proxy de borde y servicio de c\u00f3digo abierto, dise\u00f1ado para aplicaciones nativas de la nube. El tls de Envoy permite la reutilizaci\u00f3n cuando algunos ajustes de validaci\u00f3n de cert han cambiado de su configuraci\u00f3n por defecto. La \u00fanica medida de mitigaci\u00f3n para este problema es asegurarse de que es usada la configuraci\u00f3n tls por defecto. Es recomendado a usuarios actualizar"
}
],
"id": "CVE-2022-21654",
"lastModified": "2024-11-21T06:45:09.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-22T23:15:11.103",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/e9f936d85dc1edc34fabd0a1725ec180f2316353"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/e9f936d85dc1edc34fabd0a1725ec180f2316353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-20 17:15
Modified
2024-11-21 06:00
Severity ?
Summary
An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.envoyproxy.io | Vendor Advisory | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/releases | Third Party Advisory | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/security/advisories/GHSA-r22g-5f3x-xjgg | Not Applicable, Third Party Advisory | |
| nvd@nist.gov | https://github.com/envoyproxy/envoy/security/advisories/GHSA-xw4q-6pj2-5gfg | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.envoyproxy.io | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/releases | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-r22g-5f3x-xjgg | Not Applicable, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | 1.16.2 | |
| envoyproxy | envoy | 1.17.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "065415B4-0F56-4AE3-B17D-B38416543DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA926D71-E8B2-40D9-9D44-CAC09EB4FCA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Envoy versiones hasta 1.71.1.\u0026#xa0;Se presenta una desreferencia de puntero NULL explotable remoto y bloqueo en TLS cuando es recibido un c\u00f3digo de alerta TLS desconocido"
}
],
"id": "CVE-2021-28683",
"lastModified": "2024-11-21T06:00:08.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T17:15:07.713",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.envoyproxy.io"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-r22g-5f3x-xjgg"
},
{
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xw4q-6pj2-5gfg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.envoyproxy.io"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-r22g-5f3x-xjgg"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-04 21:15
Modified
2024-11-21 09:16
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after `StopReading()` being called on the stream. As after `StopReading()`, the HCM's `ActiveStream` might have already be destroyed and any up calls from QUICHE could potentially cause use after free.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1020E2E2-EDFA-4188-B17F-406904256EB1",
"versionEndExcluding": "1.27.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5107DA5-4BC7-4AB8-8087-0DA20021D0B0",
"versionEndExcluding": "1.28.4",
"versionStartIncluding": "1.28.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34583FBC-8B38-4BBB-9E3B-7731272C0A6F",
"versionEndExcluding": "1.29.5",
"versionStartIncluding": "1.29.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65C0355B-7FAC-4417-B707-A3CA494C20A0",
"versionEndExcluding": "1.30.2",
"versionStartIncluding": "1.30.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after `StopReading()` being called on the stream. As after `StopReading()`, the HCM\u0027s `ActiveStream` might have already be destroyed and any up calls from QUICHE could potentially cause use after free. \n"
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio y borde de c\u00f3digo abierto, nativo de la nube. Se observ\u00f3 un bloqueo en `EnvoyQuicServerStream::OnInitialHeadersComplete()` con la siguiente pila de llamadas. Es un use-after-free causado porque QUICHE contin\u00faa enviando encabezados de solicitud despu\u00e9s de que se llama a `StopReading()` en la secuencia. Al igual que despu\u00e9s de `StopReading()`, es posible que el `ActiveStream` del HCM ya se haya destruido y cualquier llamada desde QUICHE podr\u00eda provocar su use after free."
}
],
"id": "CVE-2024-32974",
"lastModified": "2024-11-21T09:16:08.717",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-04T21:15:33.773",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-09 23:15
Modified
2024-11-21 08:57
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/commit/843f9e6a123ed47ce139b421c14e7126f2ac685e | Patch, Vendor Advisory | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commit/843f9e6a123ed47ce139b421c14e7126f2ac685e | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0324E095-98B4-4B78-9242-989EC45E011F",
"versionEndExcluding": "1.26.7",
"versionStartIncluding": "1.26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E838B16-C6DC-4701-B955-D96D4CAEF4F6",
"versionEndExcluding": "1.27.3",
"versionStartIncluding": "1.27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "770D5713-48E3-4F9B-B05C-9CB9C6B272E3",
"versionEndExcluding": "1.28.1",
"versionStartIncluding": "1.28.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "638F3351-3ACD-47C8-9B8F-568A930FAECA",
"versionEndExcluding": "1.29.1",
"versionStartIncluding": "1.29.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio/intermedio/perimetral de alto rendimiento. Envoy se bloquear\u00e1 cuando se produzcan ciertos tiempos de espera dentro del mismo intervalo. El bloqueo ocurre cuando se cumple lo siguiente: 1. hedge_on_per_try_timeout est\u00e1 habilitado, 2. per_try_idle_timeout est\u00e1 habilitado (solo se puede hacer en la configuraci\u00f3n), 3. per-try-timeout est\u00e1 habilitado, ya sea a trav\u00e9s de encabezados o configuraci\u00f3n y su valor es igual , o dentro del intervalo de espera de per_try_idle_timeout. Este problema se solucion\u00f3 en las versiones 1.29.1, 1.28.1, 1.27.3 y 1.26.7. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2024-23322",
"lastModified": "2024-11-21T08:57:30.260",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-09T23:15:08.747",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/843f9e6a123ed47ce139b421c14e7126f2ac685e"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/843f9e6a123ed47ce139b421c14e7126f2ac685e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-20 00:15
Modified
2024-09-25 17:18
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E423BE-4022-47AB-A5D4-B218627517DD",
"versionEndExcluding": "1.28.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E442EF13-A99D-42B9-BC76-AC398C32D132",
"versionEndExcluding": "1.29.9",
"versionStartIncluding": "1.29.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9685C62-CFE4-43C5-B0C2-1C6722FB4F64",
"versionEndExcluding": "1.30.6",
"versionStartIncluding": "1.30.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C765FFC0-2FF7-4318-A347-2AFCAD0E7C74",
"versionEndExcluding": "1.31.2",
"versionStartIncluding": "1.31.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio, de borde y de medio alcance de alto rendimiento nativo de la nube. Se identific\u00f3 una vulnerabilidad en Envoy que permite a atacantes maliciosos inyectar contenido inesperado en los registros de acceso. Esto se logra explotando la falta de validaci\u00f3n del campo `REQUESTED_SERVER_NAME` para los registradores de acceso. Este problema se solucion\u00f3 en las versiones 1.31.2, 1.30.6, 1.29.9 y 1.28.7. Se recomienda a los usuarios que actualicen la versi\u00f3n. No existen workarounds conocidas para esta vulnerabilidad."
}
],
"id": "CVE-2024-45808",
"lastModified": "2024-09-25T17:18:38.823",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-20T00:15:02.733",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-p222-xhp9-39rc"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-117"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-04 21:15
Modified
2024-11-21 09:16
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-7wp5-c2vq-4f8m | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-7wp5-c2vq-4f8m | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86B5BD80-6968-4E30-9380-7D0417432557",
"versionEndExcluding": "1.27.6",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5107DA5-4BC7-4AB8-8087-0DA20021D0B0",
"versionEndExcluding": "1.28.4",
"versionStartIncluding": "1.28.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34583FBC-8B38-4BBB-9E3B-7731272C0A6F",
"versionEndExcluding": "1.29.5",
"versionStartIncluding": "1.29.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65C0355B-7FAC-4417-B707-A3CA494C20A0",
"versionEndExcluding": "1.30.2",
"versionStartIncluding": "1.30.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input."
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio y borde de c\u00f3digo abierto, nativo de la nube. Envoyproxy con un filtro Brotli puede entrar en un bucle sin fin durante la descompresi\u00f3n de datos Brotli con entrada adicional."
}
],
"id": "CVE-2024-32976",
"lastModified": "2024-11-21T09:16:09.013",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-04T21:15:34.220",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7wp5-c2vq-4f8m"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7wp5-c2vq-4f8m"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-04 21:15
Modified
2024-11-21 09:18
Severity ?
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1020E2E2-EDFA-4188-B17F-406904256EB1",
"versionEndExcluding": "1.27.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5107DA5-4BC7-4AB8-8087-0DA20021D0B0",
"versionEndExcluding": "1.28.4",
"versionStartIncluding": "1.28.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34583FBC-8B38-4BBB-9E3B-7731272C0A6F",
"versionEndExcluding": "1.29.5",
"versionStartIncluding": "1.29.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65C0355B-7FAC-4417-B707-A3CA494C20A0",
"versionEndExcluding": "1.30.2",
"versionStartIncluding": "1.30.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer."
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio y borde de c\u00f3digo abierto, nativo de la nube. Envoy expuso un vector de falta de memoria (OOM) de la respuesta reflejada, ya que el cliente HTTP as\u00edncrono almacenar\u00e1 la respuesta en un b\u00fafer ilimitado."
}
],
"id": "CVE-2024-34364",
"lastModified": "2024-11-21T09:18:30.830",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-04T21:15:34.977",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-04 21:15
Modified
2024-11-21 09:18
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-g979-ph9j-5gg4 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-g979-ph9j-5gg4 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5107DA5-4BC7-4AB8-8087-0DA20021D0B0",
"versionEndExcluding": "1.28.4",
"versionStartIncluding": "1.28.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34583FBC-8B38-4BBB-9E3B-7731272C0A6F",
"versionEndExcluding": "1.29.5",
"versionStartIncluding": "1.29.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65C0355B-7FAC-4417-B707-A3CA494C20A0",
"versionEndExcluding": "1.30.2",
"versionStartIncluding": "1.30.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash."
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio y borde de c\u00f3digo abierto, nativo de la nube. Debido a c\u00f3mo Envoy invoc\u00f3 la librer\u00eda JSON de nlohmann, la librer\u00eda podr\u00eda generar una excepci\u00f3n no detectada de los datos posteriores si se serializaran cadenas UTF-8 incompletas. La excepci\u00f3n no detectada provocar\u00eda que Envoy fallara."
}
],
"id": "CVE-2024-34363",
"lastModified": "2024-11-21T09:18:30.680",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-04T21:15:34.743",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-g979-ph9j-5gg4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-g979-ph9j-5gg4"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-248"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-09 20:15
Modified
2024-11-21 06:58
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 secompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small highly compressed payload. Maliciously constructed zip files may exhaust system memory and cause a denial of service. Users are advised to upgrade. Users unable to upgrade may consider disabling decompression.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/commit/cb4ef0b09200c720dfdb07e097092dd105450343 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-75hv-2jjj-89hh | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commit/cb4ef0b09200c720dfdb07e097092dd105450343 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-75hv-2jjj-89hh | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "343FE7CD-C2BF-42EE-8384-AAD008BE690D",
"versionEndExcluding": "1.22.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 secompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small highly compressed payload. Maliciously constructed zip files may exhaust system memory and cause a denial of service. Users are advised to upgrade. Users unable to upgrade may consider disabling decompression."
},
{
"lang": "es",
"value": "Envoy es un proxy de alto rendimiento nativo de la nube. En versiones anteriores a 1.22.1, los secompresores acumulan los datos descomprimidos en un buffer intermedio antes de sobrescribir el cuerpo en el decode/encodeBody. Esto puede permitir a un atacante bombardear el descompresor mediante el env\u00edo de una peque\u00f1a carga \u00fatil altamente comprimida. Los archivos zip construidos de forma maliciosa pueden agotar la memoria del sistema y causar una denegaci\u00f3n de servicio. Es recomendado a usuarios actualizar. Los usuarios que no puedan actualizar pueden considerar deshabilitar la descompresi\u00f3n"
}
],
"id": "CVE-2022-29225",
"lastModified": "2024-11-21T06:58:45.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-09T20:15:08.000",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/cb4ef0b09200c720dfdb07e097092dd105450343"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-75hv-2jjj-89hh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/cb4ef0b09200c720dfdb07e097092dd105450343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-75hv-2jjj-89hh"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
},
{
"lang": "en",
"value": "CWE-409"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-10 14:15
Modified
2025-06-11 17:29
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2023/10/10/6 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2023/10/10/7 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2023/10/13/4 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2023/10/13/9 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2023/10/18/4 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2023/10/18/8 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2023/10/19/6 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2023/10/20/8 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/security/cve/cve-2023-44487 | Vendor Advisory | |
| cve@mitre.org | https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ | Press/Media Coverage, Third Party Advisory | |
| cve@mitre.org | https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ | Third Party Advisory | |
| cve@mitre.org | https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ | Technical Description, Vendor Advisory | |
| cve@mitre.org | https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ | Third Party Advisory, Vendor Advisory | |
| cve@mitre.org | https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ | Vendor Advisory | |
| cve@mitre.org | https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack | Press/Media Coverage, Third Party Advisory | |
| cve@mitre.org | https://blog.vespa.ai/cve-2023-44487/ | Vendor Advisory | |
| cve@mitre.org | https://bugzilla.proxmox.com/show_bug.cgi?id=4988 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=2242803 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://bugzilla.suse.com/show_bug.cgi?id=1216123 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 | Mailing List, Patch, Vendor Advisory | |
| cve@mitre.org | https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ | Technical Description, Vendor Advisory | |
| cve@mitre.org | https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack | Technical Description, Vendor Advisory | |
| cve@mitre.org | https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 | Vendor Advisory | |
| cve@mitre.org | https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 | Third Party Advisory | |
| cve@mitre.org | https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve | Broken Link | |
| cve@mitre.org | https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 | Vendor Advisory | |
| cve@mitre.org | https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 | Issue Tracking, Patch | |
| cve@mitre.org | https://github.com/Azure/AKS/issues/3947 | Issue Tracking | |
| cve@mitre.org | https://github.com/Kong/kong/discussions/11741 | Issue Tracking | |
| cve@mitre.org | https://github.com/advisories/GHSA-qppj-fm5r-hxr3 | Vendor Advisory | |
| cve@mitre.org | https://github.com/advisories/GHSA-vx74-f528-fxqg | Mitigation, Patch, Vendor Advisory | |
| cve@mitre.org | https://github.com/advisories/GHSA-xpw8-rcwv-8f8p | Patch, Vendor Advisory | |
| cve@mitre.org | https://github.com/akka/akka-http/issues/4323 | Issue Tracking | |
| cve@mitre.org | https://github.com/alibaba/tengine/issues/1872 | Issue Tracking | |
| cve@mitre.org | https://github.com/apache/apisix/issues/10320 | Issue Tracking | |
| cve@mitre.org | https://github.com/apache/httpd-site/pull/10 | Issue Tracking | |
| cve@mitre.org | https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 | Product | |
| cve@mitre.org | https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 | Product, Third Party Advisory | |
| cve@mitre.org | https://github.com/apache/trafficserver/pull/10564 | Issue Tracking, Patch | |
| cve@mitre.org | https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 | Vendor Advisory | |
| cve@mitre.org | https://github.com/bcdannyboy/CVE-2023-44487 | Third Party Advisory | |
| cve@mitre.org | https://github.com/caddyserver/caddy/issues/5877 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://github.com/caddyserver/caddy/releases/tag/v2.7.5 | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://github.com/dotnet/announcements/issues/277 | Issue Tracking, Mitigation, Vendor Advisory | |
| cve@mitre.org | https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 | Product, Release Notes | |
| cve@mitre.org | https://github.com/eclipse/jetty.project/issues/10679 | Issue Tracking | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/pull/30055 | Issue Tracking, Patch | |
| cve@mitre.org | https://github.com/etcd-io/etcd/issues/16740 | Issue Tracking, Patch | |
| cve@mitre.org | https://github.com/facebook/proxygen/pull/466 | Issue Tracking, Patch | |
| cve@mitre.org | https://github.com/golang/go/issues/63417 | Issue Tracking | |
| cve@mitre.org | https://github.com/grpc/grpc-go/pull/6703 | Issue Tracking, Patch | |
| cve@mitre.org | https://github.com/grpc/grpc/releases/tag/v1.59.2 | Mailing List | |
| cve@mitre.org | https://github.com/h2o/h2o/pull/3291 | Issue Tracking, Patch | |
| cve@mitre.org | https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf | Vendor Advisory | |
| cve@mitre.org | https://github.com/haproxy/haproxy/issues/2312 | Issue Tracking | |
| cve@mitre.org | https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 | Product | |
| cve@mitre.org | https://github.com/junkurihara/rust-rpxy/issues/97 | Issue Tracking | |
| cve@mitre.org | https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 | Patch | |
| cve@mitre.org | https://github.com/kazu-yamamoto/http2/issues/93 | Issue Tracking | |
| cve@mitre.org | https://github.com/kubernetes/kubernetes/pull/121120 | Issue Tracking, Patch | |
| cve@mitre.org | https://github.com/line/armeria/pull/5232 | Issue Tracking, Patch | |
| cve@mitre.org | https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 | Patch | |
| cve@mitre.org | https://github.com/micrictor/http2-rst-stream | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/microsoft/CBL-Mariner/pull/6381 | Issue Tracking, Patch | |
| cve@mitre.org | https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 | Patch | |
| cve@mitre.org | https://github.com/nghttp2/nghttp2/pull/1961 | Issue Tracking, Patch | |
| cve@mitre.org | https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 | Release Notes | |
| cve@mitre.org | https://github.com/ninenines/cowboy/issues/1615 | Issue Tracking | |
| cve@mitre.org | https://github.com/nodejs/node/pull/50121 | Issue Tracking | |
| cve@mitre.org | https://github.com/openresty/openresty/issues/930 | Issue Tracking | |
| cve@mitre.org | https://github.com/opensearch-project/data-prepper/issues/3474 | Issue Tracking, Patch | |
| cve@mitre.org | https://github.com/oqtane/oqtane.framework/discussions/3367 | Issue Tracking | |
| cve@mitre.org | https://github.com/projectcontour/contour/pull/5826 | Issue Tracking, Patch | |
| cve@mitre.org | https://github.com/tempesta-tech/tempesta/issues/1986 | Issue Tracking | |
| cve@mitre.org | https://github.com/varnishcache/varnish-cache/issues/3996 | Issue Tracking | |
| cve@mitre.org | https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo | Mailing List, Release Notes, Vendor Advisory | |
| cve@mitre.org | https://istio.io/latest/news/security/istio-security-2023-004/ | Vendor Advisory | |
| cve@mitre.org | https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ | Vendor Advisory | |
| cve@mitre.org | https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q | Mailing List | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html | Mailing List | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html | Mailing List | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html | Mailing List | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html | Mailing List | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html | Mailing List | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html | Mailing List | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ | Mailing List | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ | Mailing List | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ | Mailing List | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ | Mailing List | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ | Mailing List | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ | Mailing List | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ | Mailing List | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ | Mailing List | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ | Mailing List | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ | Mailing List | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ | Mailing List | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ | Mailing List | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ | Mailing List | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ | Mailing List | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ | Mailing List | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ | Mailing List | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ | Mailing List | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ | Mailing List | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ | Mailing List | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ | Mailing List | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ | Mailing List | |
| cve@mitre.org | https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html | Third Party Advisory | |
| cve@mitre.org | https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ | Patch, Vendor Advisory | |
| cve@mitre.org | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 | Mitigation, Patch, Vendor Advisory | |
| cve@mitre.org | https://my.f5.com/manage/s/article/K000137106 | Vendor Advisory | |
| cve@mitre.org | https://netty.io/news/2023/10/10/4-1-100-Final.html | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://news.ycombinator.com/item?id=37830987 | Issue Tracking | |
| cve@mitre.org | https://news.ycombinator.com/item?id=37830998 | Issue Tracking, Press/Media Coverage | |
| cve@mitre.org | https://news.ycombinator.com/item?id=37831062 | Issue Tracking | |
| cve@mitre.org | https://news.ycombinator.com/item?id=37837043 | Issue Tracking | |
| cve@mitre.org | https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ | Third Party Advisory | |
| cve@mitre.org | https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected | Third Party Advisory | |
| cve@mitre.org | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ | Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/202311-09 | Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20231016-0001/ | Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20240426-0007/ | Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20240621-0006/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20240621-0007/ | Third Party Advisory | |
| cve@mitre.org | https://security.paloaltonetworks.com/CVE-2023-44487 | Vendor Advisory | |
| cve@mitre.org | https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 | Release Notes | |
| cve@mitre.org | https://ubuntu.com/security/CVE-2023-44487 | Vendor Advisory | |
| cve@mitre.org | https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ | Third Party Advisory | |
| cve@mitre.org | https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 | Third Party Advisory, US Government Resource | |
| cve@mitre.org | https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event | Press/Media Coverage, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2023/dsa-5521 | Mailing List, Vendor Advisory | |
| cve@mitre.org | https://www.debian.org/security/2023/dsa-5522 | Mailing List, Vendor Advisory | |
| cve@mitre.org | https://www.debian.org/security/2023/dsa-5540 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2023/dsa-5549 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2023/dsa-5558 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2023/dsa-5570 | Third Party Advisory | |
| cve@mitre.org | https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 | Third Party Advisory, Vendor Advisory | |
| cve@mitre.org | https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ | Vendor Advisory | |
| cve@mitre.org | https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ | Mitigation, Vendor Advisory | |
| cve@mitre.org | https://www.openwall.com/lists/oss-security/2023/10/10/6 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack | Press/Media Coverage | |
| cve@mitre.org | https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ | Press/Media Coverage, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/10/13/4 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/10/13/9 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/10/18/4 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/10/18/8 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/10/19/6 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/10/20/8 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2023-44487 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ | Press/Media Coverage, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ | Technical Description, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ | Third Party Advisory, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack | Press/Media Coverage, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.vespa.ai/cve-2023-44487/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.proxmox.com/show_bug.cgi?id=4988 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2242803 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=1216123 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ | Technical Description, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack | Technical Description, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Azure/AKS/issues/3947 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Kong/kong/discussions/11741 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/advisories/GHSA-qppj-fm5r-hxr3 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/advisories/GHSA-vx74-f528-fxqg | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/advisories/GHSA-xpw8-rcwv-8f8p | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/akka/akka-http/issues/4323 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/alibaba/tengine/issues/1872 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/apisix/issues/10320 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/httpd-site/pull/10 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/trafficserver/pull/10564 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bcdannyboy/CVE-2023-44487 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/caddyserver/caddy/issues/5877 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/caddyserver/caddy/releases/tag/v2.7.5 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/dotnet/announcements/issues/277 | Issue Tracking, Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 | Product, Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse/jetty.project/issues/10679 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/pull/30055 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/etcd-io/etcd/issues/16740 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/facebook/proxygen/pull/466 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/golang/go/issues/63417 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/grpc/grpc-go/pull/6703 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/h2o/h2o/pull/3291 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/haproxy/haproxy/issues/2312 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/junkurihara/rust-rpxy/issues/97 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kazu-yamamoto/http2/issues/93 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/pull/121120 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/line/armeria/pull/5232 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/micrictor/http2-rst-stream | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/microsoft/CBL-Mariner/pull/6381 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nghttp2/nghttp2/pull/1961 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ninenines/cowboy/issues/1615 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nodejs/node/pull/50121 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openresty/openresty/issues/930 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/opensearch-project/data-prepper/issues/3474 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/oqtane/oqtane.framework/discussions/3367 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/projectcontour/contour/pull/5826 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tempesta-tech/tempesta/issues/1986 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/varnishcache/varnish-cache/issues/3996 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo | Mailing List, Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://istio.io/latest/news/security/istio-security-2023-004/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://my.f5.com/manage/s/article/K000137106 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://netty.io/news/2023/10/10/4-1-100-Final.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://news.ycombinator.com/item?id=37830987 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://news.ycombinator.com/item?id=37830998 | Issue Tracking, Press/Media Coverage | |
| af854a3a-2127-422b-91ae-364da2661108 | https://news.ycombinator.com/item?id=37831062 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://news.ycombinator.com/item?id=37837043 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202311-09 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20231016-0001/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240426-0007/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240621-0006/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240621-0007/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.paloaltonetworks.com/CVE-2023-44487 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ubuntu.com/security/CVE-2023-44487 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event | Press/Media Coverage, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2023/dsa-5521 | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2023/dsa-5522 | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2023/dsa-5540 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2023/dsa-5549 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2023/dsa-5558 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2023/dsa-5570 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 | Third Party Advisory, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2023/10/10/6 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack | Press/Media Coverage | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ | Press/Media Coverage, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ietf | http | 2.0 | |
| nghttp2 | nghttp2 | * | |
| netty | netty | * | |
| envoyproxy | envoy | 1.24.10 | |
| envoyproxy | envoy | 1.25.9 | |
| envoyproxy | envoy | 1.26.4 | |
| envoyproxy | envoy | 1.27.0 | |
| eclipse | jetty | * | |
| eclipse | jetty | * | |
| eclipse | jetty | * | |
| eclipse | jetty | * | |
| caddyserver | caddy | * | |
| golang | go | * | |
| golang | go | * | |
| golang | http2 | * | |
| golang | networking | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | 17.1.0 | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_advanced_firewall_manager | 17.1.0 | |
| f5 | big-ip_advanced_web_application_firewall | * | |
| f5 | big-ip_advanced_web_application_firewall | * | |
| f5 | big-ip_advanced_web_application_firewall | * | |
| f5 | big-ip_advanced_web_application_firewall | * | |
| f5 | big-ip_advanced_web_application_firewall | 17.1.0 | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | 17.1.0 | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | 17.1.0 | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | 17.1.0 | |
| f5 | big-ip_application_visibility_and_reporting | * | |
| f5 | big-ip_application_visibility_and_reporting | * | |
| f5 | big-ip_application_visibility_and_reporting | * | |
| f5 | big-ip_application_visibility_and_reporting | * | |
| f5 | big-ip_application_visibility_and_reporting | 17.1.0 | |
| f5 | big-ip_carrier-grade_nat | * | |
| f5 | big-ip_carrier-grade_nat | * | |
| f5 | big-ip_carrier-grade_nat | * | |
| f5 | big-ip_carrier-grade_nat | * | |
| f5 | big-ip_carrier-grade_nat | 17.1.0 | |
| f5 | big-ip_ddos_hybrid_defender | * | |
| f5 | big-ip_ddos_hybrid_defender | * | |
| f5 | big-ip_ddos_hybrid_defender | * | |
| f5 | big-ip_ddos_hybrid_defender | * | |
| f5 | big-ip_ddos_hybrid_defender | 17.1.0 | |
| f5 | big-ip_domain_name_system | * | |
| f5 | big-ip_domain_name_system | * | |
| f5 | big-ip_domain_name_system | * | |
| f5 | big-ip_domain_name_system | * | |
| f5 | big-ip_domain_name_system | 17.1.0 | |
| f5 | big-ip_fraud_protection_service | * | |
| f5 | big-ip_fraud_protection_service | * | |
| f5 | big-ip_fraud_protection_service | * | |
| f5 | big-ip_fraud_protection_service | * | |
| f5 | big-ip_fraud_protection_service | 17.1.0 | |
| f5 | big-ip_global_traffic_manager | * | |
| f5 | big-ip_global_traffic_manager | * | |
| f5 | big-ip_global_traffic_manager | * | |
| f5 | big-ip_global_traffic_manager | * | |
| f5 | big-ip_global_traffic_manager | 17.1.0 | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | 17.1.0 | |
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | 17.1.0 | |
| f5 | big-ip_next | 20.0.1 | |
| f5 | big-ip_next_service_proxy_for_kubernetes | * | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_policy_enforcement_manager | 17.1.0 | |
| f5 | big-ip_ssl_orchestrator | * | |
| f5 | big-ip_ssl_orchestrator | * | |
| f5 | big-ip_ssl_orchestrator | * | |
| f5 | big-ip_ssl_orchestrator | * | |
| f5 | big-ip_ssl_orchestrator | 17.1.0 | |
| f5 | big-ip_webaccelerator | * | |
| f5 | big-ip_webaccelerator | * | |
| f5 | big-ip_webaccelerator | * | |
| f5 | big-ip_webaccelerator | * | |
| f5 | big-ip_webaccelerator | 17.1.0 | |
| f5 | big-ip_websafe | * | |
| f5 | big-ip_websafe | * | |
| f5 | big-ip_websafe | * | |
| f5 | big-ip_websafe | * | |
| f5 | big-ip_websafe | 17.1.0 | |
| f5 | nginx | * | |
| f5 | nginx_ingress_controller | * | |
| f5 | nginx_ingress_controller | * | |
| f5 | nginx_plus | * | |
| f5 | nginx_plus | r29 | |
| f5 | nginx_plus | r30 | |
| apache | tomcat | * | |
| apache | tomcat | * | |
| apache | tomcat | * | |
| apache | tomcat | 11.0.0 | |
| apache | tomcat | 11.0.0 | |
| apache | tomcat | 11.0.0 | |
| apache | tomcat | 11.0.0 | |
| apache | tomcat | 11.0.0 | |
| apache | tomcat | 11.0.0 | |
| apache | tomcat | 11.0.0 | |
| apache | tomcat | 11.0.0 | |
| apache | tomcat | 11.0.0 | |
| apache | tomcat | 11.0.0 | |
| apache | tomcat | 11.0.0 | |
| apple | swiftnio_http\/2 | * | |
| grpc | grpc | * | |
| grpc | grpc | * | |
| grpc | grpc | * | |
| grpc | grpc | 1.57.0 | |
| microsoft | .net | * | |
| microsoft | .net | * | |
| microsoft | asp.net_core | * | |
| microsoft | asp.net_core | * | |
| microsoft | azure_kubernetes_service | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | windows_10_1607 | * | |
| microsoft | windows_10_1607 | * | |
| microsoft | windows_10_1809 | * | |
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_10_22h2 | * | |
| microsoft | windows_11_21h2 | * | |
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2019 | - | |
| microsoft | windows_server_2022 | - | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| microsoft | cbl-mariner | * | |
| dena | h2o | * | |
| proxygen | * | ||
| apache | apisix | * | |
| apache | traffic_server | * | |
| apache | traffic_server | * | |
| amazon | opensearch_data_prepper | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| debian | debian_linux | 12.0 | |
| kazu-yamamoto | http2 | * | |
| istio | istio | * | |
| istio | istio | * | |
| istio | istio | * | |
| varnish_cache_project | varnish_cache | * | |
| traefik | traefik | * | |
| traefik | traefik | 3.0.0 | |
| traefik | traefik | 3.0.0 | |
| traefik | traefik | 3.0.0 | |
| projectcontour | contour | * | |
| linkerd | linkerd | * | |
| linkerd | linkerd | 2.13.0 | |
| linkerd | linkerd | 2.13.1 | |
| linkerd | linkerd | 2.14.0 | |
| linkerd | linkerd | 2.14.1 | |
| linecorp | armeria | * | |
| redhat | 3scale_api_management_platform | 2.0 | |
| redhat | advanced_cluster_management_for_kubernetes | 2.0 | |
| redhat | advanced_cluster_security | 3.0 | |
| redhat | advanced_cluster_security | 4.0 | |
| redhat | ansible_automation_platform | 2.0 | |
| redhat | build_of_optaplanner | 8.0 | |
| redhat | build_of_quarkus | - | |
| redhat | ceph_storage | 5.0 | |
| redhat | cert-manager_operator_for_red_hat_openshift | - | |
| redhat | certification_for_red_hat_enterprise_linux | 8.0 | |
| redhat | certification_for_red_hat_enterprise_linux | 9.0 | |
| redhat | cost_management | - | |
| redhat | cryostat | 2.0 | |
| redhat | decision_manager | 7.0 | |
| redhat | fence_agents_remediation_operator | - | |
| redhat | integration_camel_for_spring_boot | - | |
| redhat | integration_camel_k | - | |
| redhat | integration_service_registry | - | |
| redhat | jboss_a-mq | 7 | |
| redhat | jboss_a-mq_streams | - | |
| redhat | jboss_core_services | - | |
| redhat | jboss_data_grid | 7.0.0 | |
| redhat | jboss_enterprise_application_platform | 6.0.0 | |
| redhat | jboss_enterprise_application_platform | 7.0.0 | |
| redhat | jboss_fuse | 6.0.0 | |
| redhat | jboss_fuse | 7.0.0 | |
| redhat | logging_subsystem_for_red_hat_openshift | - | |
| redhat | machine_deletion_remediation_operator | - | |
| redhat | migration_toolkit_for_applications | 6.0 | |
| redhat | migration_toolkit_for_containers | - | |
| redhat | migration_toolkit_for_virtualization | - | |
| redhat | network_observability_operator | - | |
| redhat | node_healthcheck_operator | - | |
| redhat | node_maintenance_operator | - | |
| redhat | openshift | - | |
| redhat | openshift_api_for_data_protection | - | |
| redhat | openshift_container_platform | 4.0 | |
| redhat | openshift_container_platform_assisted_installer | - | |
| redhat | openshift_data_science | - | |
| redhat | openshift_dev_spaces | - | |
| redhat | openshift_developer_tools_and_services | - | |
| redhat | openshift_distributed_tracing | - | |
| redhat | openshift_gitops | - | |
| redhat | openshift_pipelines | - | |
| redhat | openshift_sandboxed_containers | - | |
| redhat | openshift_secondary_scheduler_operator | - | |
| redhat | openshift_serverless | - | |
| redhat | openshift_service_mesh | 2.0 | |
| redhat | openshift_virtualization | 4 | |
| redhat | openstack_platform | 16.1 | |
| redhat | openstack_platform | 16.2 | |
| redhat | openstack_platform | 17.1 | |
| redhat | process_automation | 7.0 | |
| redhat | quay | 3.0.0 | |
| redhat | run_once_duration_override_operator | - | |
| redhat | satellite | 6.0 | |
| redhat | self_node_remediation_operator | - | |
| redhat | service_interconnect | 1.0 | |
| redhat | single_sign-on | 7.0 | |
| redhat | support_for_spring_boot | - | |
| redhat | web_terminal | - | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| redhat | service_telemetry_framework | 1.5 | |
| redhat | enterprise_linux | 8.0 | |
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 | |
| netapp | astra_control_center | - | |
| netapp | oncommand_insight | - | |
| akka | http_server | * | |
| konghq | kong_gateway | * | |
| jenkins | jenkins | * | |
| jenkins | jenkins | * | |
| apache | solr | * | |
| openresty | openresty | * | |
| cisco | business_process_automation | * | |
| cisco | connected_mobile_experiences | * | |
| cisco | crosswork_data_gateway | * | |
| cisco | crosswork_data_gateway | * | |
| cisco | crosswork_situation_manager | - | |
| cisco | crosswork_zero_touch_provisioning | * | |
| cisco | data_center_network_manager | - | |
| cisco | enterprise_chat_and_email | - | |
| cisco | expressway | * | |
| cisco | firepower_threat_defense | * | |
| cisco | iot_field_network_director | * | |
| cisco | prime_access_registrar | * | |
| cisco | prime_cable_provisioning | * | |
| cisco | prime_infrastructure | * | |
| cisco | prime_network_registrar | * | |
| cisco | secure_dynamic_attributes_connector | * | |
| cisco | secure_malware_analytics | * | |
| cisco | telepresence_video_communication_server | * | |
| cisco | ultra_cloud_core_-_policy_control_function | * | |
| cisco | ultra_cloud_core_-_policy_control_function | 2024.01.0 | |
| cisco | ultra_cloud_core_-_serving_gateway_function | * | |
| cisco | ultra_cloud_core_-_session_management_function | * | |
| cisco | unified_attendant_console_advanced | - | |
| cisco | unified_contact_center_domain_manager | - | |
| cisco | unified_contact_center_enterprise | - | |
| cisco | unified_contact_center_enterprise_-_live_data_server | * | |
| cisco | unified_contact_center_management_portal | - | |
| cisco | fog_director | * | |
| cisco | ios_xe | * | |
| cisco | ios_xr | * | |
| cisco | secure_web_appliance_firmware | * | |
| cisco | secure_web_appliance | - | |
| cisco | nx-os | * | |
| cisco | nx-os | * | |
| cisco | nx-os | * | |
| cisco | nexus_3016 | - | |
| cisco | nexus_3016q | - | |
| cisco | nexus_3048 | - | |
| cisco | nexus_3064 | - | |
| cisco | nexus_3064-32t | - | |
| cisco | nexus_3064-t | - | |
| cisco | nexus_3064-x | - | |
| cisco | nexus_3064t | - | |
| cisco | nexus_3064x | - | |
| cisco | nexus_3100 | - | |
| cisco | nexus_3100-v | - | |
| cisco | nexus_3100-z | - | |
| cisco | nexus_3100v | - | |
| cisco | nexus_31108pc-v | - | |
| cisco | nexus_31108pv-v | - | |
| cisco | nexus_31108tc-v | - | |
| cisco | nexus_31128pq | - | |
| cisco | nexus_3132c-z | - | |
| cisco | nexus_3132q | - | |
| cisco | nexus_3132q-v | - | |
| cisco | nexus_3132q-x | - | |
| cisco | nexus_3132q-x\/3132q-xl | - | |
| cisco | nexus_3132q-xl | - | |
| cisco | nexus_3164q | - | |
| cisco | nexus_3172 | - | |
| cisco | nexus_3172pq | - | |
| cisco | nexus_3172pq-xl | - | |
| cisco | nexus_3172pq\/pq-xl | - | |
| cisco | nexus_3172tq | - | |
| cisco | nexus_3172tq-32t | - | |
| cisco | nexus_3172tq-xl | - | |
| cisco | nexus_3200 | - | |
| cisco | nexus_3232 | - | |
| cisco | nexus_3232c | - | |
| cisco | nexus_3232c_ | - | |
| cisco | nexus_3264c-e | - | |
| cisco | nexus_3264q | - | |
| cisco | nexus_3400 | - | |
| cisco | nexus_3408-s | - | |
| cisco | nexus_34180yc | - | |
| cisco | nexus_34200yc-sm | - | |
| cisco | nexus_3432d-s | - | |
| cisco | nexus_3464c | - | |
| cisco | nexus_3500 | - | |
| cisco | nexus_3524 | - | |
| cisco | nexus_3524-x | - | |
| cisco | nexus_3524-x\/xl | - | |
| cisco | nexus_3524-xl | - | |
| cisco | nexus_3548 | - | |
| cisco | nexus_3548-x | - | |
| cisco | nexus_3548-x\/xl | - | |
| cisco | nexus_3548-xl | - | |
| cisco | nexus_3600 | - | |
| cisco | nexus_36180yc-r | - | |
| cisco | nexus_3636c-r | - | |
| cisco | nx-os | * | |
| cisco | nx-os | * | |
| cisco | nx-os | * | |
| cisco | nexus_9000v | - | |
| cisco | nexus_9200 | - | |
| cisco | nexus_9200yc | - | |
| cisco | nexus_92160yc-x | - | |
| cisco | nexus_92160yc_switch | - | |
| cisco | nexus_9221c | - | |
| cisco | nexus_92300yc | - | |
| cisco | nexus_92300yc_switch | - | |
| cisco | nexus_92304qc | - | |
| cisco | nexus_92304qc_switch | - | |
| cisco | nexus_9232e | - | |
| cisco | nexus_92348gc-x | - | |
| cisco | nexus_9236c | - | |
| cisco | nexus_9236c_switch | - | |
| cisco | nexus_9272q | - | |
| cisco | nexus_9272q_switch | - | |
| cisco | nexus_9300 | - | |
| cisco | nexus_93108tc-ex | - | |
| cisco | nexus_93108tc-ex-24 | - | |
| cisco | nexus_93108tc-ex_switch | - | |
| cisco | nexus_93108tc-fx | - | |
| cisco | nexus_93108tc-fx-24 | - | |
| cisco | nexus_93108tc-fx3h | - | |
| cisco | nexus_93108tc-fx3p | - | |
| cisco | nexus_93120tx | - | |
| cisco | nexus_93120tx_switch | - | |
| cisco | nexus_93128 | - | |
| cisco | nexus_93128tx | - | |
| cisco | nexus_93128tx_switch | - | |
| cisco | nexus_9316d-gx | - | |
| cisco | nexus_93180lc-ex | - | |
| cisco | nexus_93180lc-ex_switch | - | |
| cisco | nexus_93180tc-ex | - | |
| cisco | nexus_93180yc-ex | - | |
| cisco | nexus_93180yc-ex-24 | - | |
| cisco | nexus_93180yc-ex_switch | - | |
| cisco | nexus_93180yc-fx | - | |
| cisco | nexus_93180yc-fx-24 | - | |
| cisco | nexus_93180yc-fx3 | - | |
| cisco | nexus_93180yc-fx3h | - | |
| cisco | nexus_93180yc-fx3s | - | |
| cisco | nexus_93216tc-fx2 | - | |
| cisco | nexus_93240tc-fx2 | - | |
| cisco | nexus_93240yc-fx2 | - | |
| cisco | nexus_9332c | - | |
| cisco | nexus_9332d-gx2b | - | |
| cisco | nexus_9332d-h2r | - | |
| cisco | nexus_9332pq | - | |
| cisco | nexus_9332pq_switch | - | |
| cisco | nexus_93360yc-fx2 | - | |
| cisco | nexus_9336c-fx2 | - | |
| cisco | nexus_9336c-fx2-e | - | |
| cisco | nexus_9336pq | - | |
| cisco | nexus_9336pq_aci | - | |
| cisco | nexus_9336pq_aci_spine | - | |
| cisco | nexus_9336pq_aci_spine_switch | - | |
| cisco | nexus_9348d-gx2a | - | |
| cisco | nexus_9348gc-fx3 | - | |
| cisco | nexus_9348gc-fxp | - | |
| cisco | nexus_93600cd-gx | - | |
| cisco | nexus_9364c | - | |
| cisco | nexus_9364c-gx | - | |
| cisco | nexus_9364d-gx2a | - | |
| cisco | nexus_9372px | - | |
| cisco | nexus_9372px-e | - | |
| cisco | nexus_9372px-e_switch | - | |
| cisco | nexus_9372px_switch | - | |
| cisco | nexus_9372tx | - | |
| cisco | nexus_9372tx-e | - | |
| cisco | nexus_9372tx-e_switch | - | |
| cisco | nexus_9372tx_switch | - | |
| cisco | nexus_9396px | - | |
| cisco | nexus_9396px_switch | - | |
| cisco | nexus_9396tx | - | |
| cisco | nexus_9396tx_switch | - | |
| cisco | nexus_9408 | - | |
| cisco | nexus_9432pq | - | |
| cisco | nexus_9500 | - | |
| cisco | nexus_9500_16-slot | - | |
| cisco | nexus_9500_4-slot | - | |
| cisco | nexus_9500_8-slot | - | |
| cisco | nexus_9500_supervisor_a | - | |
| cisco | nexus_9500_supervisor_a\+ | - | |
| cisco | nexus_9500_supervisor_b | - | |
| cisco | nexus_9500_supervisor_b\+ | - | |
| cisco | nexus_9500r | - | |
| cisco | nexus_9504 | - | |
| cisco | nexus_9504_switch | - | |
| cisco | nexus_9508 | - | |
| cisco | nexus_9508_switch | - | |
| cisco | nexus_9516 | - | |
| cisco | nexus_9516_switch | - | |
| cisco | nexus_9536pq | - | |
| cisco | nexus_9636pq | - | |
| cisco | nexus_9716d-gx | - | |
| cisco | nexus_9736pq | - | |
| cisco | nexus_9800 | - | |
| cisco | nexus_9804 | - | |
| cisco | nexus_9808 | - |
{
"cisaActionDue": "2023-10-31",
"cisaExploitAdd": "2023-10-10",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "HTTP/2 Rapid Reset Attack Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5200E35-222B-42E0-83E0-5B702684D992",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3BDC297-F023-4E87-8518-B84CCF9DD6A8",
"versionEndExcluding": "1.57.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D12D5257-7ED2-400F-9EF7-40E0D3650C2B",
"versionEndExcluding": "4.1.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1B058776-B5B7-4079-B0AF-23F40926DCEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6D565975-EFD9-467C-B6E3-1866A4EF17A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D487271-1B5E-4F16-B0CB-A7B8908935C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA6ED627-EFB3-4BDD-8ECC-C5947A1470B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4A6F189-6C43-462D-85C9-B0EBDA8A4683",
"versionEndExcluding": "9.4.53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C993C920-85C0-4181-A95E-5D965A670738",
"versionEndExcluding": "10.0.17",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08E79A8E-E12C-498F-AF4F-1AAA7135661E",
"versionEndExcluding": "11.0.17",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F138D800-9A3B-4C76-8A3C-4793083A1517",
"versionEndExcluding": "12.0.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6341DDDA-AD27-4087-9D59-0A212F0037B4",
"versionEndExcluding": "2.7.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "328120E4-C031-44B4-9BE5-03B0CDAA066F",
"versionEndExcluding": "1.20.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD9AB15-E5F6-4DBC-9EC7-D0ABA705802A",
"versionEndExcluding": "1.21.3",
"versionStartIncluding": "1.21.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*",
"matchCriteriaId": "D7D2F801-6F65-4705-BCB9-D057EA54A707",
"versionEndExcluding": "0.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*",
"matchCriteriaId": "801F25DA-F38C-4452-8E90-235A3B1A5FF0",
"versionEndExcluding": "0.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D93F04AD-DF14-48AB-9F13-8B2E491CF42E",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7522C760-7E07-406F-BF50-5656D5723C4F",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7F605E-EB10-40FB-98D6-7E3A95E310BC",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "783E62F2-F867-48F1-B123-D1227C970674",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8D90B7-A1AF-4EFB-B688-1563D81E5C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6603ED6A-3366-4572-AFCD-B3D4B1EC7606",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88978E38-81D3-4EFE-8525-A300B101FA69",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0510296F-92D7-4388-AE3A-0D9799C2FC4D",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7698D6C-B1F7-43C1-BBA6-88E956356B3D",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1CC91B-6920-4AF0-9EDD-DD3189E78F4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05E452AA-A520-4CBE-8767-147772B69194",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "596FC5D5-7329-4E39-841E-CAE937C02219",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C7A168-F370-441E-8790-73014BCEC39F",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF16FD01-7704-40AB-ACB2-80A883804D22",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1769D69A-CB59-46B1-89B3-FB97DC6DEB9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9167FEC1-2C37-4946-9657-B4E69301FB24",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4B3442-E0C0-48CD-87AD-060E15C9801E",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA85EC1-D91A-49DD-949B-2AF7AC813CA5",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20662BB0-4C3D-4CF0-B068-3555C65DD06C",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "59203EBF-C52A-45A1-B8DF-00E17E3EFB51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EC2324D-EC8B-41DF-88A7-819E53AAD0FC",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B88F9D1-B54B-40C7-A18A-26C4A071D7EC",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F39403-C259-4D6F-9E9A-53671017EEDB",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "220F2D38-FA82-45EF-B957-7678C9FEDBC1",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C698C1C-A3DD-46E2-B05A-12F2604E7F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "922AA845-530A-4B4B-9976-4CBC30C8A324",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F938EB43-8373-47EB-B269-C6DF058A9244",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1771493E-ACAA-477F-8AB4-25DB12F6AD6E",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E86F3D5-65A4-48CE-A6A2-736BBB88E3F8",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87670A74-34FE-45DF-A725-25B804C845B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7E422F6-C4C2-43AC-B137-0997B5739030",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC3F710F-DBCB-4976-9719-CF063DA22377",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9B76A1-7C5A-453F-A4ED-F1A81BCEBEB5",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88EDFCD9-775C-48FA-9CDA-2B04DA8D0612",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "67DB21AE-DF53-442D-B492-C4ED9A20B105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9FCBCB-9CE0-49E7-85C8-69E71D211912",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "112DFA85-90AD-478D-BD70-8C7C0C074F1B",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB704A1C-D8B7-48BB-A15A-C14DB591FE4A",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21D51D9F-2840-4DEA-A007-D20111A1745C",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC1D037-74D2-4F92-89AD-C90F6CBF440B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEF3EA4-7D5A-4B44-9CE3-258AEC745866",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBCE2D1-9D93-415D-AB2C-2060307C305A",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8070B469-8CC4-4D2F-97D7-12D0ABB963C1",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A326597E-725D-45DE-BEF7-2ED92137B253",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B235A78-649B-46C5-B24B-AB485A884654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08B25AAB-A98C-4F89-9131-29E3A8C0ED23",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED9B976A-D3AD-4445-BF8A-067C3EBDFBB0",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98D2CE1E-DED0-470A-AA78-C78EF769C38E",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C966FABA-7199-4F0D-AB8C-4590FE9D2FFF",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84D00768-E71B-4FF7-A7BF-F2C8CFBC900D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3D2ABA3-D4A9-4267-B0DF-7C3BBEEAEB66",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC36311E-BB00-4750-85C8-51F5A2604F07",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A65D357E-4B40-42EC-9AAA-2B6CEF78C401",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7EF9865-FE65-4DFB-BF21-62FBCE65FF1C",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBD10E8-6054-408F-9687-B9BF6375CA09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6018B01-048C-43BB-A78D-66910ED60CA9",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A6A5686-5A8B-45D5-9165-BC99D2CCAC47",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D2A121F-5BD2-4263-8ED3-1DDE25B5C306",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A4F7BAD-3EDD-4DE0-AAB7-DE5ACA34DD79",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83794B04-87E2-4CA9-81F5-BB820D0F5395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9EC2237-117F-43BD-ADEC-516CF72E04EF",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F70D4B6F-65CF-48F4-9A07-072DFBCE53D9",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29563719-1AF2-4BB8-8CCA-A0869F87795D",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D24815DD-579A-46D1-B9F2-3BB2C56BC54D",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0A6E7035-3299-474F-8F67-945EA9A059D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0360F76D-E75E-4B05-A294-B47012323ED9",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A4607BF-41AC-4E84-A110-74E085FF0445",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "441CC945-7CA3-49C0-AE10-94725301E31D",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46BA8E8A-6ED5-4FB2-8BBC-586AA031085A",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56FB92F7-FF1E-425D-A5AB-9D9FB0BB9450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "969C4F14-F6D6-46D6-B348-FC1463877680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41AD5040-1250-45F5-AB63-63F333D49BCC",
"versionEndIncluding": "1.8.2",
"versionStartIncluding": "1.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8257AA59-C14D-4EC1-B22C-DFBB92CBC297",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37DB32BB-F4BA-4FB5-94B1-55C3F06749CF",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF5007E-761C-4697-8D34-C064DF0ABE8D",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "910441D3-90EF-4375-B007-D51120A60AB2",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "667EB77B-DA13-4BA4-9371-EE3F3A109F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6F9699-A485-4614-8F38-5A556D31617E",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A90F547-97A2-41EC-9FDF-25F869F0FA38",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E76E1B82-F1DC-4366-B388-DBDF16C586A0",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "660137F4-15A1-42D1-BBAC-99A1D5BB398B",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C446827A-1F71-4FAD-9422-580642D26AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1932D32D-0E4B-4BBD-816F-6D47AB2E2F04",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D47B7691-A95B-45C0-BAB4-27E047F3C379",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD1637D-0E42-4928-867A-BA0FDB6E8462",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A599F90-F66B-4DF0-AD7D-D234F328BD59",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1B2000-C3FE-4B4C-885A-A5076EB164E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A",
"versionEndIncluding": "13.1.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57D92D05-C67D-437E-88F3-DCC3F6B0ED2F",
"versionEndIncluding": "14.1.5",
"versionStartIncluding": "14.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECCB8C30-861E-4E48-A5F5-30EE523C1FB6",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5FEAD2A-3A58-432E-BEBB-6E3FDE24395F",
"versionEndIncluding": "16.1.4",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB23AE6-245E-43D6-B832-933F8259F937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1188B4A9-2684-413C-83D1-E91C75AE0FCF",
"versionEndIncluding": "1.25.2",
"versionStartIncluding": "1.9.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3337609D-5291-4A52-BC6A-6A8D4E60EB20",
"versionEndIncluding": "2.4.2",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CF0ABD9-EB28-4966-8C31-EED7AFBF1527",
"versionEndIncluding": "3.3.0",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F291CB34-47A4-425A-A200-087CC295AEC8",
"versionEndExcluding": "r29",
"versionStartIncluding": "r25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r29:-:*:*:*:*:*:*",
"matchCriteriaId": "5892B558-EC3A-43FF-A1D5-B2D9F70796F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*",
"matchCriteriaId": "96BF2B19-52C7-4051-BA58-CAE6F912B72F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD26B48-CC80-4FAE-BD3D-78DE4C80C92B",
"versionEndIncluding": "8.5.93",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EC20B6-B2AB-41F5-9BF9-D16C1FE67C34",
"versionEndIncluding": "9.0.80",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0765CC3D-AB1A-4147-8900-EF4C105321F2",
"versionEndIncluding": "10.1.13",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "D1AA7FF6-E8E7-4BF6-983E-0A99B0183008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*",
"matchCriteriaId": "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*",
"matchCriteriaId": "B32D1D7A-A04F-444E-8F45-BB9A9E4B0199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "03A171AF-2EC8-4422-912C-547CDB58CAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "49350A6E-5E1D-45B2-A874-3B8601B3ADCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "5F50942F-DF54-46C0-8371-9A476DD3EEA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "98792138-DD56-42DF-9612-3BDC65EEC117",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:swiftnio_http\\/2:*:*:*:*:*:swift:*:*",
"matchCriteriaId": "08190072-3880-4EF5-B642-BA053090D95B",
"versionEndExcluding": "1.28.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*",
"matchCriteriaId": "5F4CDEA9-CB47-4881-B096-DA896E2364F3",
"versionEndExcluding": "1.56.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*",
"matchCriteriaId": "E65AF7BC-7DAE-408A-8485-FBED22815F75",
"versionEndIncluding": "1.59.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*",
"matchCriteriaId": "DD868DDF-C889-4F36-B5E6-68B6D9EA48CC",
"versionEndExcluding": "1.58.3",
"versionStartIncluding": "1.58.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*",
"matchCriteriaId": "FBD991E2-DB5A-4AAD-95BA-4B5ACB811C96",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4496821E-BD55-4F31-AD9C-A3D66CBBD6BD",
"versionEndExcluding": "6.0.23",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF7ECF6-178D-433C-AA21-BAE9EF248F37",
"versionEndExcluding": "7.0.12",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C3418F4-B8BF-4666-BB39-C188AB01F45C",
"versionEndExcluding": "6.0.23",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1278DD1C-EFA9-4316-AD32-24C1B1FB0CEA",
"versionEndExcluding": "7.0.12",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDFB0FF-0F4A-4B7B-94E8-ED72A8106314",
"versionEndExcluding": "2023-10-08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16A8F269-E07E-402F-BFD5-60F3988A5EAF",
"versionEndExcluding": "17.2.20",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B2B972-69E2-4D21-9A7C-B2AFF1D89EB8",
"versionEndExcluding": "17.4.12",
"versionStartIncluding": "17.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5834D4-F52F-41C0-AA11-C974FFEEA063",
"versionEndExcluding": "17.6.8",
"versionStartIncluding": "17.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2166106F-ACD6-4C7B-B0CC-977B83CC5F73",
"versionEndExcluding": "17.7.5",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "4CD49C41-6D90-47D3-AB4F-4A74169D3A8F",
"versionEndExcluding": "10.0.14393.6351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "BAEFEE13-9CD7-46A2-8AF6-0A33C79C05F1",
"versionEndExcluding": "10.0.14393.6351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3",
"versionEndExcluding": "10.0.17763.4974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F9A643-90C6-489C-98A0-D2739CE72F86",
"versionEndExcluding": "10.0.19044.3570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1814619C-ED07-49E0-A50A-E28D824D43BC",
"versionEndExcluding": "10.0.19045.3570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63",
"versionEndExcluding": "10.0.22000.2538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B",
"versionEndExcluding": "10.0.22621.2428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94BAB9EB-1527-4D9A-BADE-0708579536CF",
"versionEndExcluding": "18.18.2",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69843DE4-4721-4F0A-A9B7-0F6DF5AAA388",
"versionEndExcluding": "20.8.1",
"versionStartIncluding": "20.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B25279EF-C406-4133-99ED-0492703E0A4E",
"versionEndExcluding": "2023-10-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FFFF84B-F35C-43DE-959A-A5D10C3AE9F5",
"versionEndExcluding": "2023-10-10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCE8C89-7C22-48CA-AF22-B34C8AA2CB8C",
"versionEndExcluding": "2023.10.16.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDEB508E-0EBD-4450-9074-983DDF568AB4",
"versionEndExcluding": "3.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93A1A748-6C71-4191-8A16-A93E94E2CDE4",
"versionEndExcluding": "8.1.9",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4BCAF6-B246-41EC-9EE1-24296BFC4F5A",
"versionEndExcluding": "9.2.3",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F70360D-6214-46BA-AF82-6AB01E13E4E9",
"versionEndExcluding": "2.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2DA759E-1AF8-49D3-A3FC-1B426C13CA82",
"versionEndExcluding": "4.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28BE6F7B-AE66-4C8A-AAFA-F1262671E9BF",
"versionEndExcluding": "1.17.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C8E760-C8D2-483A-BBD4-6A6D292A3874",
"versionEndExcluding": "1.18.3",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D0F78BB-6A05-4C97-A8DB-E731B6CC8CC7",
"versionEndExcluding": "1.19.1",
"versionStartIncluding": "1.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*",
"matchCriteriaId": "050AE218-3871-44D6-94DA-12D84C2093CB",
"versionEndExcluding": "2023-10-10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B36BFFB0-C0EC-4926-A1DB-0B711C846A68",
"versionEndExcluding": "2.10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "376EAF9B-E994-4268-9704-0A45EA30270F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F3D08335-C291-4623-B80C-3B14C4D1FA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "21033CEE-CEF5-4B0D-A565-4A6FC764AA6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:*",
"matchCriteriaId": "FC4C66B1-42C0-495D-AE63-2889DE0BED84",
"versionEndExcluding": "2023-10-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:*",
"matchCriteriaId": "8633E263-F066-4DD8-A734-90207207A873",
"versionEndIncluding": "2.12.5",
"versionStartIncluding": "2.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:*",
"matchCriteriaId": "34A23BD9-A0F4-4D85-8011-EAC93C29B4E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:*",
"matchCriteriaId": "27ED3533-A795-422F-B923-68BE071DC00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:*",
"matchCriteriaId": "45F7E352-3208-4188-A5B1-906E00DF9896",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*",
"matchCriteriaId": "DF89A8AD-66FE-439A-B732-CAAB304D765B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A400C637-AF18-4BEE-B57C-145261B65DEC",
"versionEndExcluding": "1.26.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "653A5B08-0D02-4362-A8B1-D00B24C6C6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B0E6B4B-BAA6-474E-A18C-72C9719CEC1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0FD736A-8730-446A-BA3A-7B608DB62B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C504B6-3902-46E2-82B7-48AEC9CDD48D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4BE2D6-43C3-4065-A213-5DB1325DC78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D54F5AE-61EC-4434-9D5F-9394A3979894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE29B9D6-63DC-4779-ACE8-4E51E6A0AF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E37E1B3-6F68-4502-85D6-68333643BDFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D5A7736-A403-4617-8790-18E46CB74DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33F13B03-69BF-4A8B-A0A0-7F47FD857461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9393119E-F018-463F-9548-60436F104195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC45EE1E-2365-42D4-9D55-92FA24E5ED3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E567CD9F-5A43-4D25-B911-B5D0440698F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68146098-58F8-417E-B165-5182527117C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4D6790-63E5-4043-B8BE-B489D649061D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78698F40-0777-4990-822D-02E1B5D0E2C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B87C8AD3-8878-4546-86C2-BF411876648C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF03BDE8-602D-4DEE-BA5B-5B20FDF47741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*",
"matchCriteriaId": "A58966CB-36AF-4E64-AB39-BE3A0753E155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:*",
"matchCriteriaId": "585BC540-073B-425B-B664-5EA4C00AFED6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B453CF7-9AA6-4B94-A003-BF7AE0B82F53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD354E32-A8B0-484C-B4C6-9FBCD3430D2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72A54BDA-311C-413B-8E4D-388AD65A170A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A305F012-544E-4245-9D69-1C8CD37748B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B40CCE4F-EA2C-453D-BB76-6388767E5C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF93A27E-AA2B-4C2E-9B8D-FE7267847326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B12A3A8-6456-481A-A0C9-524543FCC149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2E7E3C-A507-4AB2-97E5-4944D8775CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E22EBF9-AA0D-4712-9D69-DD97679CE835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:migration_toolkit_for_virtualization:-:*:*:*:*:*:*:*",
"matchCriteriaId": "941B114C-FBD7-42FF-B1D8-4EA30E99102C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:network_observability_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "339CFB34-A795-49F9-BF6D-A00F3A1A4F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:node_healthcheck_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D044DBE-6F5A-4C53-828E-7B1A570CACFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:node_maintenance_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E23FA47F-B967-44AD-AB76-1BB2CAD3CA5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:-:*:*:*:*:aws:*:*",
"matchCriteriaId": "65203CA1-5225-4E55-A187-6454C091F532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF8EFFB-5686-4F28-A68F-1A8854E098CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_assisted_installer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DA9B2E2-958B-478D-87D6-E5CDDCD44315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F5FF1E-5DA3-4EC3-B41A-A362BDFC4C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99B8A88B-0B31-4CFF-AFD7-C9D3DDD5790D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97321212-0E07-4CC2-A917-7B5F61AB9A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_distributed_tracing:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF390236-3259-4C8F-891C-62ACC4386CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AAA300-691A-4957-8B69-F6888CC971B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45937289-2D64-47CB-A750-5B4F0D4664A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_sandboxed_containers:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B129311C-EB4B-4041-B85C-44D5E53FCAA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_secondary_scheduler_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AB54DB-3FB4-41CB-88ED-1400FD22AB85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77675CB7-67D7-44E9-B7FF-D224B3341AA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A76A2BCE-4AAE-46D7-93D6-2EDE0FC83145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*",
"matchCriteriaId": "9C877879-B84B-471C-80CF-0656521CA8AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E315FC5C-FF19-43C9-A58A-CF2A5FF13824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20A6B40D-F991-4712-8E30-5FE008505CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1987BDA-0113-4603-B9BE-76647EB043F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:run_once_duration_override_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D482A3D2-6E9B-42BA-9926-35E5BDD5F3BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "848C92A9-0677-442B-8D52-A448F2019903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:self_node_remediation_operator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F564701-EDC1-43CF-BB9F-287D6992C6CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12B0CF2B-D1E1-4E20-846E-6F0D873499A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:support_for_spring_boot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8885C2C-7FB8-40CA-BCB9-B48C50BF2499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:web_terminal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D88B140-D2A1-4A0A-A2E9-1A3B50C295AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A903C3AD-2D25-45B5-BF4A-A5BEB2286627",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5EBD2A-32A3-46D5-B155-B44DCB7F6902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2792650-851F-4820-B003-06A4BEA092D7",
"versionEndExcluding": "10.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "9F6B63B9-F4C9-4A3F-9310-E0918E1070D1",
"versionEndExcluding": "3.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "E6FF5F80-A991-43D4-B49F-D843E2BC5798",
"versionEndIncluding": "2.414.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*",
"matchCriteriaId": "54D25DA9-12D0-4F14-83E6-C69D0293AAB9",
"versionEndIncluding": "2.427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E1AFFB9-C717-4727-B0C9-5A0C281710E2",
"versionEndExcluding": "9.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25C85001-E0AB-4B01-8EE7-1D9C77CD956E",
"versionEndExcluding": "1.21.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2BDBAC-8D19-4F81-8D31-6D0955A53D82",
"versionEndExcluding": "3.2.003.009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F98F9D27-6659-413F-8F29-4FDB0882AAC5",
"versionEndExcluding": "11.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C98BF315-C563-47C2-BAD1-63347A3D1008",
"versionEndExcluding": "4.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F30E209-FA52-4D3B-9B88-4193EA388554",
"versionEndExcluding": "5.0.2",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_situation_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3178F3A5-A072-44E1-A225-B04BC536F4FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA2BE0F1-DD16-4876-8EBA-F187BD38B159",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "796B6C58-2140-4105-A2A1-69865A194A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:enterprise_chat_and_email:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA99DC6-EA03-469F-A8BE-7F96FDF0B333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6560DBF4-AFE6-4672-95DE-74A0B8F4170A",
"versionEndExcluding": "x14.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84785919-796D-41E5-B652-6B5765C81D4A",
"versionEndExcluding": "7.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92A74A1A-C69F-41E6-86D0-D6BB1C5D0A1E",
"versionEndExcluding": "4.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FE7BA33-2AC0-4A85-97AD-6D77F20BA2AD",
"versionEndExcluding": "9.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FE2F959-1084-48D1-B1F1-8182FC9862DD",
"versionEndExcluding": "7.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F",
"versionEndExcluding": "3.10.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB6B48E-EA36-40A0-96D0-AF909BEC1147",
"versionEndExcluding": "11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CBED844-7F94-498C-836D-8593381A9657",
"versionEndExcluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C170DBA1-0899-4ECC-9A0D-8FEB1DA1B510",
"versionEndExcluding": "2.19.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "358FA1DC-63D3-49F6-AC07-9E277DD0D9DA",
"versionEndExcluding": "x14.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF2D182-7599-4B81-B56B-F44EDA1384C0",
"versionEndExcluding": "2024.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4868BCCA-24DE-4F24-A8AF-B3A545C0396E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function:*:*:*:*:*:*:*:*",
"matchCriteriaId": "194F7A1F-FD43-4FF7-9AE2-C13AA5567E8A",
"versionEndExcluding": "2024.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC75F99-C7F0-47EB-9032-C9D3A42EBA20",
"versionEndExcluding": "2024.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_attendant_console_advanced:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6638F4E-16F7-447D-B755-52640BCB1C61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC34F742-530E-4AB4-8AFC-D1E088E256B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D31CC0E9-8E21-436B-AB84-EA1B1BC60DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E22AD683-345B-4E16-BB9E-E9B1783E09AD",
"versionEndExcluding": "12.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_management_portal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C0D694-9E24-4782-B35F-D7C3E3B0F2ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2955BEE9-F567-4006-B96D-92E10FF84DB4",
"versionEndExcluding": "1.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67502878-DB20-4410-ABA0-A1C5705064CD",
"versionEndExcluding": "17.15.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "177DED2D-8089-4494-BDD9-7F84FC06CD5B",
"versionEndExcluding": "7.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:secure_web_appliance_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54A29FD3-4128-4333-8445-A7DD04A6ECF6",
"versionEndExcluding": "15.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:secure_web_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67074526-9933-46B3-9FE3-A0BE73C5E8A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB32D2E-AD9D-44A0-AEF7-689F7D2605C9",
"versionEndExcluding": "10.2\\(7\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A236A0A-6956-4D79-B8E5-B2D0C79FAE88",
"versionEndExcluding": "10.3\\(5\\)",
"versionStartIncluding": "10.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE71D34C-227A-4789-BA4D-79E5FDE311DB",
"versionEndExcluding": "10.4\\(2\\)",
"versionStartIncluding": "10.4\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528ED62B-D739-4E06-AC64-B506FD73BBAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D402AB0-BCFB-4F42-8C50-5DC930AEEC8B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2A6C31-438A-4CF5-A3F3-364B1672EB7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76C10D85-88AC-4A79-8866-BED88A0F8DF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09AC2BAD-F536-48D0-A2F0-D4E290519EB6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65CB7F6D-A82B-4A31-BFAC-FF4A4B8DF9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC4FFCC-E886-49BC-9737-5B5BA2AAB14B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F4E8EE4-031D-47D3-A12E-EE5F792172EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00CDD8C3-67D5-4E9F-9D48-A77B55DB0AB1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41C14CC9-C244-4B86-AEA6-C50BAD5DA9A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8FF2EC4-0C09-4C00-9956-A2A4A894F63D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D14D4B4E-120E-4607-A4F1-447C7BF3052E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15702ACB-29F3-412D-8805-E107E0729E35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E930332-CDDD-48D5-93BC-C22D693BBFA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29B34855-D8D2-4114-80D2-A4D159C62458",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF4B8FE-E134-4491-B5C2-C1CFEB64731B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4226DA0-9371-401C-8247-E6E636A116C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7664666F-BCE4-4799-AEEA-3A73E6AD33F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3DBBFE9-835C-4411-8492-6006E74BAC65",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3293438-3D18-45A2-B093-2C3F65783336",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C97C29EE-9426-4BBE-8D84-AB5FF748703D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q-x\\/3132q-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E142C18F-9FB5-4D96-866A-141D7D16CAF7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F43B770-D96C-44EA-BC12-9F39FC4317B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7817F4E6-B2DA-4F06-95A4-AF329F594C02",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CED628B5-97A8-4B26-AA40-BEC854982157",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB9DD73-E31D-4921-A6D6-E14E04703588",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172pq\\/pq-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFC116A-627F-4E05-B631-651D161217C8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4532F513-0543-4960-9877-01F23CA7BA1B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B43502B-FD53-465A-B60F-6A359C6ACD99",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3229124-B097-4AAC-8ACD-2F9C89DCC3AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32A532C0-B0E3-484A-B356-88970E7D0248",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3232:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C84D24C-2256-42AF-898A-221EBE9FE1E4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "652A2849-668D-4156-88FB-C19844A59F33",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3232c_:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D008CA1C-6F5A-40EA-BB12-A9D84D5AF700",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24FBE87B-8A4F-43A8-98A3-4A7D9C630937",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACD09AC-8B28-4ACB-967B-AB3D450BC137",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43913A0E-50D5-47DD-94D8-DD3391633619",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D397349-CCC6-479B-9273-FB1FFF4F34F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7286A7-780F-4A45-940A-4AD5C9D0F201",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA52D5C1-13D8-4D23-B022-954CCEF491F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7AF8D7-431B-43CE-840F-CC0817D159C0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAC204C8-1A5A-4E85-824E-DC9B8F6A802D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1073F-D374-4311-8F12-AD8C72FAA293",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF5AF71-15DF-4151-A1CF-E138A7103FC8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10F80A72-AD54-4699-B8AE-82715F0B58E2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524-x\\/xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E505C0B1-2119-4C6A-BF96-C282C633D169",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9354B6A2-D7D6-442E-BF4C-FE8A336D9E94",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*",
"matchCriteriaId": "088C0323-683A-44F5-8D42-FF6EC85D080E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74CB4002-7636-4382-B33E-FBA060A13C34",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548-x\\/xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "915EF8F6-6039-4DD0-B875-30D911752B74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10CEBF73-3EE0-459A-86C5-F8F6243FE27C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97217080-455C-48E4-8CE1-6D5B9485864F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95D2C4C3-65CE-4612-A027-AF70CEFC3233",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57572E4A-78D5-4D1A-938B-F05F01759612",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB32D2E-AD9D-44A0-AEF7-689F7D2605C9",
"versionEndExcluding": "10.2\\(7\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A236A0A-6956-4D79-B8E5-B2D0C79FAE88",
"versionEndExcluding": "10.3\\(5\\)",
"versionStartIncluding": "10.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE71D34C-227A-4789-BA4D-79E5FDE311DB",
"versionEndExcluding": "10.4\\(2\\)",
"versionStartIncluding": "10.4\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD9C1F1-8582-4F67-A77D-97CBFECB88B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "532CE4B0-A3C9-4613-AAAF-727817D06FB4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9200yc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24CA1A59-2681-4507-AC74-53BD481099B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4283E433-7F8C-4410-B565-471415445811",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92160yc_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9147C9-5D8B-40F5-9AAA-66A3495A0AD8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9221c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFB9FDE8-8533-4F65-BF32-4066D042B2F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F80AB6FB-32FD-43D7-A9F1-80FA47696210",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92300yc_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA5389A-8AD1-476E-983A-54DF573C30F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5B2E4C1-2627-4B9D-8E92-4B483F647651",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92304qc_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B1A8F1-45B1-4E64-A254-7191FA93CB6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9232e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83DA8BFA-D7A2-476C-A6F5-CAE610033BC2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "557ED31C-C26A-4FAE-8B14-D06B49F7F08B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11411BFD-3F4D-4309-AB35-A3629A360FB0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9236c_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB2FFD26-8255-4351-8594-29D2AEFC06EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E663DE91-C86D-48DC-B771-FA72A8DF7A7C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9272q_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61E10975-B47E-4F4D-8096-AEC7B7733612",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E2CB2B-DA11-4CF7-9D57-3D4D48990DC0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A90184B3-C82F-4CE5-B2AD-97D5E4690871",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40E40F42-632A-47DF-BE33-DC25B826310B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C67B7A6-9BB2-41FC-8FA3-8D0DF67CBC68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB89849-6DA4-4C9D-BC3F-EE0E41FD1901",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C47F6BF9-2ADB-41A4-8D7D-8BB00141BB23",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16C64136-89C2-443C-AF7B-BED81D3DE25A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEF7F26-BB47-44BD-872E-130820557C23",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07DE6F63-2C7D-415B-8C34-01EC05C062F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93120tx_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "182000E0-8204-4D8B-B7DE-B191AFE12E28",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F309E7B9-B828-4CD2-9D2B-8966EE5B9CC1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F423E45D-A6DD-4305-9C6A-EAB26293E53A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93128tx_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC208BC-7E19-48C6-A20E-A79A51B7362C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "102F91CD-DFB6-43D4-AE5B-DA157A696230",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E952A96A-0F48-4357-B7DD-1127D8827650",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "084D0191-563B-4FF0-B589-F35DA118E1C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180tc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7DB6FC5-762A-4F16-AE8C-69330EFCF640",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F70D81F1-8B12-4474-9060-B4934D8A3873",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5394DE31-3863-4CA9-B7B1-E5227183100D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "968390BC-B430-4903-B614-13104BFAE635",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7349D69B-D8FA-4462-AA28-69DD18A652D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4BB834-2C00-4384-A78E-AF3BCDDC58AF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0D30D52-837F-4FDA-B8E5-A9066E9C6D2F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6678B8A-D905-447E-BE7E-6BFB4CC5DAFE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CE49B45-F2E9-491D-9C29-1B46E9CE14E2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CC5F78-E88B-4B82-9E3E-C73D3A49DE26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93240tc-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BFAD21E-59EE-4CCE-8F1E-621D2EA50905",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91231DC6-2773-4238-8C14-A346F213B5E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF88547-BAF4-47B0-9F60-80A30297FCEB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9332d-gx2b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02C3CE6D-BD54-48B1-A188-8E53DA001424",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9332d-h2r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "498991F7-39D6-428C-8C7D-DD8DC72A0346",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "113772B6-E9D2-4094-9468-3F4E1A87D07D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9332pq_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B90D36-5124-4669-8462-4EAF35B0F53D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C45A38D6-BED6-4FEF-AD87-A1E813695DE0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1FC2B1F-232E-4754-8076-CC82F3648730",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDD27C9-5EAF-4956-8AB7-740C84C9D4FC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1127D2-12C0-454F-91EF-5EE334070D06",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336pq_aci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D6EB963-E0F2-4A02-8765-AB2064BE19E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*",
"matchCriteriaId": "785FD17C-F32E-4042-9DDE-A89B3AAE0334",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336pq_aci_spine_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEAAF99B-5406-4722-81FB-A91CBAC2DF41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9348d-gx2a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73DC1E93-561E-490C-AE0E-B02BAB9A7C8E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9348gc-fx3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12DA2DE5-8ADA-4D6A-BC1A-9C06FA163B1C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17C7E3DB-8E1A-47AD-B1C5-61747DC0CFB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF467E2-4567-426E-8F48-39669E0F514C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63842B25-8C32-4988-BBBD-61E9CB09B4F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9364c-gx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68EA1FEF-B6B6-49FE-A0A4-5387F76303F8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9364d-gx2a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40D6DB7F-C025-4971-9615-73393ED61078",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4364ADB9-8162-451D-806A-B98924E6B2CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B53BCB42-ED61-4FCF-8068-CB467631C63C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372px-e_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "737C724A-B6CD-4FF7-96E0-EBBF645D660E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372px_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7067AEC7-DFC8-4437-9338-C5165D9A8F36",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49E0371B-FDE2-473C-AA59-47E1269D050F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "489D11EC-5A18-4F32-BC7C-AC1FCEC27222",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71D4CF15-B293-4403-A1A9-96AD3933BAEF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372tx_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBCC1515-2DBE-4DF2-8E83-29A869170F36",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BC5293E-F2B4-46DC-85DA-167EA323FCFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9396px_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7282AAFF-ED18-4992-AC12-D953C35EC328",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA022E77-6557-4A33-9A3A-D028E2DB669A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9396tx_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "360409CC-4172-4878-A76B-EA1C1F8C7A79",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D5D5E2-B40B-475D-9EF3-8441016E37E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9432pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA8E1F0-74A6-4725-B6AA-A1112EFC5D0C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63BE0266-1C00-4D6A-AD96-7F82532ABAA7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_16-slot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73F59A4B-AE92-4533-8EDC-D1DD850309FF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_4-slot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "492A2C86-DD38-466B-9965-77629A73814F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_8-slot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB7AA46-4018-4925-963E-719E1037F759",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31B9D1E4-10B9-4B6F-B848-D93ABF6486D6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_supervisor_a\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB270C45-756E-400A-979F-D07D750C881A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8A085C-2DBA-4269-AB01-B16019FBB4DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500_supervisor_b\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A79DD582-AF68-44F1-B640-766B46EF2BE2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9500r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B04484DA-AA59-4833-916E-6A8C96D34F0D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*",
"matchCriteriaId": "768BE390-5ED5-48A7-9E80-C4DE8BA979B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9504_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D07B5399-44C7-468D-9D57-BB5B5E26CE50",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC2F709-AFBE-48EA-A3A2-DA1134534FB6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9508_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B76FB64F-16F0-4B0B-B304-B46258D434BA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E02DC82-0D26-436F-BA64-73C958932B0A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9516_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E128053-834B-4DD5-A517-D14B4FC2B56F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9536pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "163743A1-09E7-4EC5-8ECA-79E4B9CE173B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9636pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE340E4C-DC48-4FC8-921B-EE304DB5AE0A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9716d-gx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C367BBE0-D71F-4CB5-B50E-72B033E73FE1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9736pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85E1D224-4751-4233-A127-A041068C804A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD31B075-01B1-429E-83F4-B999356A0EB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A10C9C0A-C96A-4B45-90D0-6ED457EB5F4C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9808:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3284D16F-3275-4F8D-8AE4-D413DE19C4FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."
},
{
"lang": "es",
"value": "El protocolo HTTP/2 permite una denegaci\u00f3n de servicio (consumo de recursos del servidor) porque la cancelaci\u00f3n de solicitudes puede restablecer muchas transmisiones r\u00e1pidamente, como se explot\u00f3 en la naturaleza entre agosto y octubre de 2023."
}
],
"id": "CVE-2023-44487",
"lastModified": "2025-06-11T17:29:54.137",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-10-10T14:15:10.883",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/7"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Vendor Advisory"
],
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Vendor Advisory"
],
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Vendor Advisory"
],
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/Azure/AKS/issues/3947"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/Kong/kong/discussions/11741"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/bcdannyboy/CVE-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Release Notes"
],
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/golang/go/issues/63417"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://github.com/grpc/grpc/releases/tag/v1.59.2"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/line/armeria/pull/5232"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Release Notes",
"Vendor Advisory"
],
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://my.f5.com/manage/s/article/K000137106"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Press/Media Coverage"
],
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://ubuntu.com/security/CVE-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage"
],
"url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
},
{
"source": "cve@mitre.org",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Vendor Advisory"
],
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Vendor Advisory"
],
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Vendor Advisory"
],
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/Azure/AKS/issues/3947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/Kong/kong/discussions/11741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/bcdannyboy/CVE-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Release Notes"
],
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/golang/go/issues/63417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/line/armeria/pull/5232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes",
"Vendor Advisory"
],
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://my.f5.com/manage/s/article/K000137106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Press/Media Coverage"
],
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://ubuntu.com/security/CVE-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage"
],
"url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Press/Media Coverage",
"Third Party Advisory"
],
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-21 15:15
Modified
2025-04-01 20:22
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the failure of a websocket handshake will trigger a local reply leading to the crash of Envoy. This vulnerability is fixed in 1.33.1, 1.32.4, 1.31.6, and 1.30.10.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/commit/8eda1b8ef5ba8663d16a737ab99458c039a9b53c | Patch | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-cf3q-gqg7-3fm9 | Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-cf3q-gqg7-3fm9 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | 1.33.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "129FA49E-ADA2-4ACF-98D1-245E8CE9E793",
"versionEndExcluding": "1.30.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D97CBD62-50CA-4E4E-BCCC-E323A10CC4B5",
"versionEndExcluding": "1.31.6",
"versionStartIncluding": "1.31.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3801C869-713E-455C-ADD0-9ECA98498835",
"versionEndExcluding": "1.32.4",
"versionStartIncluding": "1.32.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.33.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3F92855-6744-4C5C-9B75-83D5CA67D843",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy\u0027s ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter\u0027s life time issue. A known situation is the failure of a websocket handshake will trigger a local reply leading to the crash of Envoy. This vulnerability is fixed in 1.33.1, 1.32.4, 1.31.6, and 1.30.10."
},
{
"lang": "es",
"value": "Envoy es un proxy de alto rendimiento para servicios perimetrales, intermedios y de borde, nativo de la nube. En versiones anteriores a las 1.33.1, 1.32.4, 1.31.6 y 1.30.10, el filtro HTTP ext_proc de Envoy corr\u00eda el riesgo de bloquearse si se enviaba una respuesta local al servidor externo debido a un problema de duraci\u00f3n del filtro. Un fallo en el protocolo de enlace websocket desencadenaba una respuesta local que provocaba el bloqueo de Envoy. Esta vulnerabilidad se corrigi\u00f3 en las versiones 1.33.1, 1.32.4, 1.31.6 y 1.30.10."
}
],
"id": "CVE-2025-30157",
"lastModified": "2025-04-01T20:22:34.500",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-21T15:15:43.290",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/envoyproxy/envoy/commit/8eda1b8ef5ba8663d16a737ab99458c039a9b53c"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cf3q-gqg7-3fm9"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cf3q-gqg7-3fm9"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-460"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-19 23:15
Modified
2024-11-21 04:28
Severity ?
Summary
In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to CVE-2019-14993.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/envoyproxy/envoy/issues/7728 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/issues/7728 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "606F68BB-F0D3-4D49-925C-4C5BFB2E120B",
"versionEndIncluding": "1.11.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to CVE-2019-14993."
},
{
"lang": "es",
"value": "En Envoy versiones hasta 1.11.1, los usuarios pueden configurar una ruta (path) para que coincida con los encabezados de ruta (path) entrantes por medio de la implementaci\u00f3n de expresiones regulares libstdc++. Un atacante remoto puede enviar una petici\u00f3n con una URI muy larga para resultar en una denegaci\u00f3n de servicio (consumo de memoria). Este es un problema relacionado con el CVE-2019-14993."
}
],
"id": "CVE-2019-15225",
"lastModified": "2024-11-21T04:28:14.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-19T23:15:10.680",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/issues/7728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/issues/7728"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-09 22:15
Modified
2024-11-21 06:18
Severity ?
Summary
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions 0.14.8 and 0.15.1 contain an upgraded envoy binary with this vulnerability patched.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc | Third Party Advisory | |
| security-advisories@github.com | https://github.com/pomerium/pomerium/security/advisories/GHSA-5wjf-62hw-q78r | Third Party Advisory | |
| security-advisories@github.com | https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pomerium/pomerium/security/advisories/GHSA-5wjf-62hw-q78r | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ | Not Applicable |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | 1.19.0 | |
| pomerium | pomerium | * | |
| pomerium | pomerium | 0.15.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA474E1-2F0F-44D7-938F-40EE9DB5C230",
"versionEndIncluding": "1.16.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83547329-1394-417F-93DB-70C1A9D173B0",
"versionEndExcluding": "1.17.4",
"versionStartIncluding": "1.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7376E28-9915-4CA1-A5DB-40874D10E781",
"versionEndExcluding": "1.18.4",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1968AA35-60E2-4A00-84A0-617738B55D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pomerium:pomerium:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2793176B-E77A-4393-BFE5-15100D2E80FD",
"versionEndExcluding": "0.14.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pomerium:pomerium:0.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0082414-BE21-4DDC-8B84-5DC9F9BAE8E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions 0.14.8 and 0.15.1 contain an upgraded envoy binary with this vulnerability patched."
},
{
"lang": "es",
"value": "Pomerium es un proxy de acceso de c\u00f3digo abierto consciente de la identidad. Envoy, en el que es basado Pomerium, maneja inapropiadamente el restablecimiento de los flujos HTTP/2 con una complejidad excesiva. Esto puede conllevar a un alto uso de la CPU cuando es restablecido un gran n\u00famero de flujos. Esto puede resultar en una condici\u00f3n de DoS. Las versiones 0.14.8 y 0.15.1 de Pomerium contienen un binario envoy actualizado con esta vulnerabilidad parcheada"
}
],
"id": "CVE-2021-39204",
"lastModified": "2024-11-21T06:18:53.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2021-09-09T22:15:09.773",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-5wjf-62hw-q78r"
},
{
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
],
"url": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-5wjf-62hw-q78r"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-834"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-834"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-09 19:15
Modified
2024-11-21 06:58
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” (prevent removal) upstream hosts obtained via service discovery until configured active health checking fails. If an attacker controls an upstream host and also controls service discovery of that host (via DNS, the EDS API, etc.), an attacker can crash Envoy by forcing removal of the host from service discovery, and then failing the gRPC health check request. This will crash Envoy via a null pointer dereference. Users are advised to upgrade to resolve this vulnerability. Users unable to upgrade may disable gRPC health checking and/or replace it with a different health checking type as a mitigation.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/commit/9b1c3962172a972bc0359398af6daa3790bb59db | Patch | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-m4j9-86g3-8f49 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commit/9b1c3962172a972bc0359398af6daa3790bb59db | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-m4j9-86g3-8f49 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "343FE7CD-C2BF-42EE-8384-AAD008BE690D",
"versionEndExcluding": "1.22.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can \u201chold\u201d (prevent removal) upstream hosts obtained via service discovery until configured active health checking fails. If an attacker controls an upstream host and also controls service discovery of that host (via DNS, the EDS API, etc.), an attacker can crash Envoy by forcing removal of the host from service discovery, and then failing the gRPC health check request. This will crash Envoy via a null pointer dereference. Users are advised to upgrade to resolve this vulnerability. Users unable to upgrade may disable gRPC health checking and/or replace it with a different health checking type as a mitigation."
},
{
"lang": "es",
"value": "Envoy es un proxy de alto rendimiento nativo de la nube. Las versiones de Envoy anteriores a 1.22.1 est\u00e1n sujetas a un fallo de segmentaci\u00f3n en el GrpcHealthCheckerImpl. Envoy puede llevar a cabo varios tipos de comprobaci\u00f3n de la salud de los usuarios. Uno de ellos usa gRPC. Envoy tambi\u00e9n presenta una funci\u00f3n que puede \"retener\" (impedir la eliminaci\u00f3n) los hosts upstream obtenidos por medio de la detecci\u00f3n de servicios hasta que falle la comprobaci\u00f3n de salud activa configurada. Si un atacante controla un host upstream y tambi\u00e9n controla la detecci\u00f3n de servicios de ese host (a trav\u00e9s de DNS, la API EDS, etc.), un atacante puede bloquear Envoy al forzar la eliminaci\u00f3n del host de la detecci\u00f3n de servicios, y luego fallando la petici\u00f3n de comprobaci\u00f3n de salud gRPC. Esto bloquear\u00e1 Envoy por medio de una desreferencia de puntero null. Es recomendado a usuarios actualizar para resolver esta vulnerabilidad. Los usuarios que no puedan actualizar pueden deshabilitar la comprobaci\u00f3n de estado de gRPC y/o sustituirla por un tipo de comprobaci\u00f3n de estado diferente como medida de mitigaci\u00f3n"
}
],
"id": "CVE-2022-29224",
"lastModified": "2024-11-21T06:58:45.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-09T19:15:10.450",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/envoyproxy/envoy/commit/9b1c3962172a972bc0359398af6daa3790bb59db"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-m4j9-86g3-8f49"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/envoyproxy/envoy/commit/9b1c3962172a972bc0359398af6daa3790bb59db"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-m4j9-86g3-8f49"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-04 21:15
Modified
2024-11-21 08:57
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Summary
Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching protocols. Envoy incorrectly accepts a 200 response from a server when requesting a protocol upgrade, but 200 does not indicate protocol switch. This opens up the possibility of request smuggling through Envoy if the server can be tricked into adding the upgrade header to the response.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1020E2E2-EDFA-4188-B17F-406904256EB1",
"versionEndExcluding": "1.27.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5107DA5-4BC7-4AB8-8087-0DA20021D0B0",
"versionEndExcluding": "1.28.4",
"versionStartIncluding": "1.28.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34583FBC-8B38-4BBB-9E3B-7731272C0A6F",
"versionEndExcluding": "1.29.5",
"versionStartIncluding": "1.29.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65C0355B-7FAC-4417-B707-A3CA494C20A0",
"versionEndExcluding": "1.30.2",
"versionStartIncluding": "1.30.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching protocols. Envoy incorrectly accepts a 200 response from a server when requesting a protocol upgrade, but 200 does not indicate protocol switch. This opens up the possibility of request smuggling through Envoy if the server can be tricked into adding the upgrade header to the response.\n\n"
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio y borde de c\u00f3digo abierto, nativo de la nube. Existe una vulnerabilidad te\u00f3rica de contrabando de solicitudes a trav\u00e9s de Envoy si se puede enga\u00f1ar a un servidor para que agregue un encabezado de actualizaci\u00f3n en una respuesta. Seg\u00fan RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7, un servidor env\u00eda 101 al cambiar de protocolo. Envoy acepta incorrectamente una respuesta 200 de un servidor cuando solicita una actualizaci\u00f3n de protocolo, pero 200 no indica un cambio de protocolo. Esto abre la posibilidad de contrabando de solicitudes a trav\u00e9s de Envoy si se puede enga\u00f1ar al servidor para que agregue el encabezado de actualizaci\u00f3n a la respuesta."
}
],
"id": "CVE-2024-23326",
"lastModified": "2024-11-21T08:57:30.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-04T21:15:33.440",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-391"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-04 20:15
Modified
2024-11-21 07:53
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a `state` query param is present on any response that looks like an OAuth redirect response. Sending it a request with the URI path equivalent to the redirect path, without the `state` parameter, will lead to abnormal termination of Envoy process. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. The issue can also be mitigated by locking down OAuth traffic, disabling the filter, or by filtering traffic before it reaches the OAuth filter (e.g. via a lua script).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD93214-C958-4A69-9291-15D1C22CFD3F",
"versionEndExcluding": "1.22.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17BFB303-DA5A-4E83-93F7-3C1EA340E434",
"versionEndExcluding": "1.23.6",
"versionStartIncluding": "1.23.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92B633B8-FA4A-4630-9302-96F2C8336E36",
"versionEndExcluding": "1.24.4",
"versionStartIncluding": "1.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AFC6741-6FDF-47F6-A4AF-B5F5233ABB71",
"versionEndExcluding": "1.25.3",
"versionStartIncluding": "1.25.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a `state` query param is present on any response that looks like an OAuth redirect response. Sending it a request with the URI path equivalent to the redirect path, without the `state` parameter, will lead to abnormal termination of Envoy process. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. The issue can also be mitigated by locking down OAuth traffic, disabling the filter, or by filtering traffic before it reaches the OAuth filter (e.g. via a lua script). \n"
}
],
"id": "CVE-2023-27496",
"lastModified": "2024-11-21T07:53:01.487",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-04T20:15:07.520",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-09 20:15
Modified
2024-11-21 06:58
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be triggered. However, the current implementation assumes that access tokens are always validated thus allowing access in the presence of any access token attached to the request. Users are advised to upgrade. There is no known workaround for this issue.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-h45c-2f94-prxh | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-h45c-2f94-prxh | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "343FE7CD-C2BF-42EE-8384-AAD008BE690D",
"versionEndExcluding": "1.22.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be triggered. However, the current implementation assumes that access tokens are always validated thus allowing access in the presence of any access token attached to the request. Users are advised to upgrade. There is no known workaround for this issue."
},
{
"lang": "es",
"value": "Envoy es un proxy de alto rendimiento nativo de la nube. En versiones anteriores a 1.22.1, la implementaci\u00f3n del filtro OAuth no incluye un mecanismo para comprobar los tokens de acceso, por lo que, por dise\u00f1o, cuando falta la cookie firmada por HMAC, deber\u00eda desencadenarse un flujo de autenticaci\u00f3n completo. Sin embargo, la implementaci\u00f3n actual asume que los tokens de acceso son siempre comprobados, permitiendo as\u00ed el acceso en presencia de cualquier token de acceso adjunto a la petici\u00f3n. Es recomendado a usuarios actualizar. No es conocida ninguna mitigaci\u00f3n para este problema"
}
],
"id": "CVE-2022-29226",
"lastModified": "2024-11-21T06:58:45.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.8,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-09T20:15:08.077",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h45c-2f94-prxh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/7ffda4e809dec74449ebc330cebb9d2f4ab61360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h45c-2f94-prxh"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-04 18:15
Modified
2024-11-21 07:53
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when `failure_mode_allow: true` is configured for `ext_authz` filter. For affected components that are used for logging and/or visibility, requests may not be logged by the receiving service.
When Envoy was configured to use ext_authz, ext_proc, tap, ratelimit filters, and grpc access log service and an http header with non-UTF-8 data was received, Envoy would generate an invalid protobuf message and send it to the configured service. The receiving service would typically generate an error when decoding the protobuf message. For ext_authz that was configured with ``failure_mode_allow: true``, the request would have been allowed in this case. For the other services, this could have resulted in other unforeseen errors such as a lack of visibility into requests.
As of versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy by default sanitizes the values sent in gRPC service calls to be valid UTF-8, replacing data that is not valid UTF-8 with a `!` character. This behavioral change can be temporarily reverted by setting runtime guard `envoy.reloadable_features.service_sanitize_non_utf8_strings` to false. As a workaround, one may set `failure_mode_allow: false` for `ext_authz`.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-9g5w-hqr3-w2ph | Exploit, Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-9g5w-hqr3-w2ph | Exploit, Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD93214-C958-4A69-9291-15D1C22CFD3F",
"versionEndExcluding": "1.22.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17BFB303-DA5A-4E83-93F7-3C1EA340E434",
"versionEndExcluding": "1.23.6",
"versionStartIncluding": "1.23.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92B633B8-FA4A-4630-9302-96F2C8336E36",
"versionEndExcluding": "1.24.4",
"versionStartIncluding": "1.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AFC6741-6FDF-47F6-A4AF-B5F5233ABB71",
"versionEndExcluding": "1.25.3",
"versionStartIncluding": "1.25.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when `failure_mode_allow: true` is configured for `ext_authz` filter. For affected components that are used for logging and/or visibility, requests may not be logged by the receiving service.\n\nWhen Envoy was configured to use ext_authz, ext_proc, tap, ratelimit filters, and grpc access log service and an http header with non-UTF-8 data was received, Envoy would generate an invalid protobuf message and send it to the configured service. The receiving service would typically generate an error when decoding the protobuf message. For ext_authz that was configured with ``failure_mode_allow: true``, the request would have been allowed in this case. For the other services, this could have resulted in other unforeseen errors such as a lack of visibility into requests. \n\nAs of versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy by default sanitizes the values sent in gRPC service calls to be valid UTF-8, replacing data that is not valid UTF-8 with a `!` character. This behavioral change can be temporarily reverted by setting runtime guard `envoy.reloadable_features.service_sanitize_non_utf8_strings` to false. As a workaround, one may set `failure_mode_allow: false` for `ext_authz`."
}
],
"id": "CVE-2023-27488",
"lastModified": "2024-11-21T07:53:00.417",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-04T18:15:07.083",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9g5w-hqr3-w2ph"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9g5w-hqr3-w2ph"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-24 21:15
Modified
2024-11-21 06:07
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Summary
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when ext-authz extension is sending request headers to the external authorization service it must merge multiple value headers according to the HTTP spec. However, only the last header value is sent. This may allow specifically crafted requests to bypass authorization. Attackers may be able to escalate privileges when using ext-authz extension or back end service that uses multiple value headers for authorization. A specifically constructed request may be delivered by an untrusted downstream peer in the presence of ext-authz extension. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to the ext-authz extension to correctly merge multiple request header values, when sending request for authorization.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h | Third Party Advisory | |
| security-advisories@github.com | https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | 1.19.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC3BF7F-5B28-4765-8C6F-E2437A4B425D",
"versionEndExcluding": "1.16.5",
"versionStartIncluding": "1.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83547329-1394-417F-93DB-70C1A9D173B0",
"versionEndExcluding": "1.17.4",
"versionStartIncluding": "1.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7376E28-9915-4CA1-A5DB-40874D10E781",
"versionEndExcluding": "1.18.4",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1968AA35-60E2-4A00-84A0-617738B55D33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when ext-authz extension is sending request headers to the external authorization service it must merge multiple value headers according to the HTTP spec. However, only the last header value is sent. This may allow specifically crafted requests to bypass authorization. Attackers may be able to escalate privileges when using ext-authz extension or back end service that uses multiple value headers for authorization. A specifically constructed request may be delivered by an untrusted downstream peer in the presence of ext-authz extension. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to the ext-authz extension to correctly merge multiple request header values, when sending request for authorization."
},
{
"lang": "es",
"value": "Envoy es un proxy L7 de c\u00f3digo abierto y un bus de comunicaci\u00f3n dise\u00f1ado para grandes arquitecturas modernas orientadas a servicios. En las versiones afectadas, cuando la extensi\u00f3n ext-authz env\u00eda los encabezados de las peticiones al servicio de autorizaci\u00f3n externo, debe combinar varios encabezados de valores de acuerdo con las especificaciones HTTP. Sin embargo, s\u00f3lo se env\u00eda el \u00faltimo valor del encabezado. Esto puede permitir a peticiones espec\u00edficamente dise\u00f1adas omitir la autorizaci\u00f3n. Unos atacantes pueden ser capaces de escalar privilegios cuando es usada la extensi\u00f3n ext-authz o el servicio de back-end que usa m\u00faltiples valores del encabezado para la autorizaci\u00f3n. Una petici\u00f3n espec\u00edficamente construida puede ser entregada por un peer downstream no confiable en presencia de la extensi\u00f3n ext-authz. Envoy versiones 1.19.1, 1.18.4, 1.17.4, 1.16.5, contienen correcciones a la extensi\u00f3n ext-authz para combinar correctamente los valores de los encabezados de peticiones m\u00faltiples, cuando se env\u00edan peticiones de autorizaci\u00f3n."
}
],
"id": "CVE-2021-32777",
"lastModified": "2024-11-21T06:07:43.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-24T21:15:06.970",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-551"
},
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-01 15:15
Modified
2024-11-21 04:59
Severity ?
Summary
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/envoyproxy/envoy-setec/issues/137 | Broken Link | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/security/advisories/GHSA-fjxc-jj43-f777 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy-setec/issues/137 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-fjxc-jj43-f777 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | 1.13.2 | |
| envoyproxy | envoy | 1.14.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8EC70B-A398-42FC-84C1-4892D07787F5",
"versionEndIncluding": "1.12.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6FEA6763-6AEC-4081-A4AD-7C0D9C716AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AC44FC52-B495-46D3-B5FC-2B5B5D214102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs."
},
{
"lang": "es",
"value": "Envoy versiones 1.14.2, 1.13.2, 1.12.4 o anteriores, puede consumir cantidades excesivas de memoria cuando se procesan encabezados HTTP/1.1 con nombres de campo largos o peticiones con las URL largas"
}
],
"id": "CVE-2020-12605",
"lastModified": "2024-11-21T04:59:54.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-01T15:15:12.983",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/envoyproxy/envoy-setec/issues/137"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-fjxc-jj43-f777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/envoyproxy/envoy-setec/issues/137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-fjxc-jj43-f777"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-09 20:15
Modified
2024-11-21 06:58
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request Envoy sends a local reply when the redirect headers are processed, the downstream state indicates that the downstream stream is not complete. On sending the local reply, Envoy will attempt to reset the upstream stream, but as it is actually complete, and deleted, this result in a use-after-free. Users are advised to upgrade. Users unable to upgrade are advised to disable internal redirects if crashes are observed.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/commit/fe7c69c248f4fe5a9080c7ccb35275b5218bb5ab | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-rm2p-qvf6-pvr6 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commit/fe7c69c248f4fe5a9080c7ccb35275b5218bb5ab | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-rm2p-qvf6-pvr6 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "343FE7CD-C2BF-42EE-8384-AAD008BE690D",
"versionEndExcluding": "1.22.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there\u2019s a lifetime bug which can be triggered. If while replaying the request Envoy sends a local reply when the redirect headers are processed, the downstream state indicates that the downstream stream is not complete. On sending the local reply, Envoy will attempt to reset the upstream stream, but as it is actually complete, and deleted, this result in a use-after-free. Users are advised to upgrade. Users unable to upgrade are advised to disable internal redirects if crashes are observed."
},
{
"lang": "es",
"value": "Envoy es un proxy de borde/medio/servicio de alto rendimiento nativo de la nube. En versiones anteriores a 1.22.1, si Envoy intenta enviar un redireccionamiento interno de una petici\u00f3n HTTP que consta de m\u00e1s encabezados HTTP, se presenta un error de por vida que puede desencadenarse. Si mientras es reproducida la petici\u00f3n Envoy env\u00eda una respuesta local cuando son procesados los encabezados del redireccionamiento, el estado descendente indica que el flujo descendente no est\u00e1 completo. Al enviar la respuesta local, Envoy intentar\u00e1 restablecer el flujo descendente, pero como en realidad est\u00e1 completo, y ha sido eliminado, esto resulta en un uso de memoria previamente liberada. es recomendado a usuarios actualizar. Es recomendado a usuarios que no puedan actualizar deshabilitar los redireccionamientos internos si son observados bloqueos"
}
],
"id": "CVE-2022-29227",
"lastModified": "2024-11-21T06:58:45.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-09T20:15:08.140",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/fe7c69c248f4fe5a9080c7ccb35275b5218bb5ab"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-rm2p-qvf6-pvr6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/fe7c69c248f4fe5a9080c7ccb35275b5218bb5ab"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-rm2p-qvf6-pvr6"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-22 23:15
Modified
2024-11-21 06:45
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy common router will segfault if an internal redirect selects a route configured with direct response or redirect actions. This will result in a denial of service. As a workaround turn off internal redirects if direct response entries are configured on the same listener.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/commit/177d608155ba8b11598b9bbf8240e90d8c350682 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commit/177d608155ba8b11598b9bbf8240e90d8c350682 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EFC93D0-C206-417C-81D0-F18145E3D768",
"versionEndExcluding": "1.18.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2812AC62-44B5-4077-862D-A221CD88981D",
"versionEndExcluding": "1.19.3",
"versionStartIncluding": "1.19.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5441B2D-F807-4ED9-AFB9-ED4DE07CE5F8",
"versionEndExcluding": "1.20.2",
"versionStartIncluding": "1.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83895D03-DAD1-4893-8A1C-F9143DEEC172",
"versionEndExcluding": "1.21.1",
"versionStartIncluding": "1.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy common router will segfault if an internal redirect selects a route configured with direct response or redirect actions. This will result in a denial of service. As a workaround turn off internal redirects if direct response entries are configured on the same listener."
},
{
"lang": "es",
"value": "Envoy es un proxy de borde y servicio de c\u00f3digo abierto, dise\u00f1ado para aplicaciones nativas de la nube. El enrutador com\u00fan de Envoy fallar\u00e1 si una redirecci\u00f3n interna selecciona una ruta configurada con acciones de respuesta directa o redirecci\u00f3n. Esto resultar\u00e1 en una denegaci\u00f3n de servicio. Como medida de mitigaci\u00f3n, deshabilite las redirecciones internas si las entradas de respuesta directa est\u00e1n configuradas en el mismo receptor"
}
],
"id": "CVE-2022-21655",
"lastModified": "2024-11-21T06:45:09.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-22T23:15:11.163",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/177d608155ba8b11598b9bbf8240e90d8c350682"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/177d608155ba8b11598b9bbf8240e90d8c350682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-670"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-04 21:15
Modified
2024-11-21 09:16
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is a cloud-native, open source edge and service proxy. There is a crash at `QuicheDataReader::PeekVarInt62Length()`. It is caused by integer underflow in the `QuicStreamSequencerBuffer::PeekRegion()` implementation.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-g9mq-6v96-cpqc | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-g9mq-6v96-cpqc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1020E2E2-EDFA-4188-B17F-406904256EB1",
"versionEndExcluding": "1.27.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5107DA5-4BC7-4AB8-8087-0DA20021D0B0",
"versionEndExcluding": "1.28.4",
"versionStartIncluding": "1.28.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34583FBC-8B38-4BBB-9E3B-7731272C0A6F",
"versionEndExcluding": "1.29.5",
"versionStartIncluding": "1.29.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65C0355B-7FAC-4417-B707-A3CA494C20A0",
"versionEndExcluding": "1.30.2",
"versionStartIncluding": "1.30.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. There is a crash at `QuicheDataReader::PeekVarInt62Length()`. It is caused by integer underflow in the `QuicStreamSequencerBuffer::PeekRegion()` implementation."
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio y borde de c\u00f3digo abierto, nativo de la nube. Hay un bloqueo en `QuicheDataReader::PeekVarInt62Length()`. Se debe a un desbordamiento insuficiente de enteros en la implementaci\u00f3n de `QuicStreamSequencerBuffer::PeekRegion()`."
}
],
"id": "CVE-2024-32975",
"lastModified": "2024-11-21T09:16:08.867",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-04T21:15:33.987",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-g9mq-6v96-cpqc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-g9mq-6v96-cpqc"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-01 15:15
Modified
2024-11-21 05:39
Severity ?
Summary
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/envoyproxy/envoy/security/advisories/GHSA-v8q7-fq78-4997 | Third Party Advisory | |
| cve@mitre.org | https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-v8q7-fq78-4997 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8EC70B-A398-42FC-84C1-4892D07787F5",
"versionEndIncluding": "1.12.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD6FEA19-9B0B-4C82-B761-886EEEC92C6C",
"versionEndIncluding": "1.13.2",
"versionStartIncluding": "1.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C469D7-95AD-4B4C-9C02-A65EF271DB40",
"versionEndIncluding": "1.14.2",
"versionStartIncluding": "1.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections."
},
{
"lang": "es",
"value": "Envoy versi\u00f3n 1.14.2, 1.13.2, 1.12.4 o anteriores, puede agotar los descriptores de archivo y/o memoria al aceptar demasiadas conexiones"
}
],
"id": "CVE-2020-8663",
"lastModified": "2024-11-21T05:39:13.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-01T15:15:15.877",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-v8q7-fq78-4997"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-v8q7-fq78-4997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-11 01:15
Modified
2024-11-21 04:33
Severity ?
Summary
Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.envoyproxy.io | Vendor Advisory | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xvf-4396-cj46 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/istio/istio/issues/18229 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://groups.google.com/forum/#%21forum/envoy-users | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.envoyproxy.io | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xvf-4396-cj46 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/istio/istio/issues/18229 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/forum/#%21forum/envoy-users |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | 1.12.0 | |
| istio | istio | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "64A23B79-2694-46D3-A796-DD647442B403",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC70ED31-2985-4211-9C4E-B8F6566944BD",
"versionEndIncluding": "1.3.3",
"versionStartIncluding": "1.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used.\""
},
{
"lang": "es",
"value": "Envoy versi\u00f3n 1.12.0 permite una denegaci\u00f3n de servicio remota debido a bucles de recursos, como es demostrado por una conexi\u00f3n TCP inactiva que es capaz de mantener un subproceso o hilo de trabajo en un bucle ocupado infinito cuando la funci\u00f3n continue_on_listener_filters_timeout es usada."
}
],
"id": "CVE-2019-18836",
"lastModified": "2024-11-21T04:33:40.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-11T01:15:10.210",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.envoyproxy.io"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xvf-4396-cj46"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/istio/istio/issues/18229"
},
{
"source": "cve@mitre.org",
"url": "https://groups.google.com/forum/#%21forum/envoy-users"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.envoyproxy.io"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xvf-4396-cj46"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/istio/istio/issues/18229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21forum/envoy-users"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-11 03:15
Modified
2024-11-21 05:48
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy's JWT Authentication filter is configured with the `allow_missing` requirement under `requires_any` due to a mistake in implementation. Envoy's JWT Authentication filter can be configured with the `allow_missing` requirement that will be satisfied if JWT is missing (JwtMissed error) and fail if JWT is presented or invalid. Due to a mistake in implementation, a JwtUnknownIssuer error was mistakenly converted to JwtMissed when `requires_any` was configured. So if `allow_missing` was configured under `requires_any`, an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list. Integrity may be impacted depending on configuration if the JWT token is used to protect against writes or modifications. This regression was introduced on 2020/11/12 in PR 13839 which fixed handling `allow_missing` under RequiresAny in a JwtRequirement (see issue 13458). The AnyVerifier aggregates the children verifiers' results into a final status where JwtMissing is the default error. However, a JwtUnknownIssuer was mistakenly treated the same as a JwtMissing error and the resulting final aggregation was the default JwtMissing. As a result, `allow_missing` would allow a JWT token with an unknown issuer status. This is fixed in version 1.17.1 by PR 15194. The fix works by preferring JwtUnknownIssuer over a JwtMissing error, fixing the accidental conversion and bypass with `allow_missing`. A user could detect whether a bypass occurred if they have Envoy logs enabled with debug verbosity. Users can enable component level debug logs for JWT. The JWT filter logs will indicate that there is a request with a JWT token and a failure that the JWT token is missing.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/commit/ea39e3cba652bcc4b11bb0d5c62b017e584d2e5a | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/pull/15194 | Patch | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-4996-m8hf-hj27 | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commit/ea39e3cba652bcc4b11bb0d5c62b017e584d2e5a | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/pull/15194 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-4996-m8hf-hj27 | Mitigation, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | 1.17.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E426CE56-9EB3-4641-B9A0-2E418FD3478F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy\u0027s JWT Authentication filter is configured with the `allow_missing` requirement under `requires_any` due to a mistake in implementation. Envoy\u0027s JWT Authentication filter can be configured with the `allow_missing` requirement that will be satisfied if JWT is missing (JwtMissed error) and fail if JWT is presented or invalid. Due to a mistake in implementation, a JwtUnknownIssuer error was mistakenly converted to JwtMissed when `requires_any` was configured. So if `allow_missing` was configured under `requires_any`, an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list. Integrity may be impacted depending on configuration if the JWT token is used to protect against writes or modifications. This regression was introduced on 2020/11/12 in PR 13839 which fixed handling `allow_missing` under RequiresAny in a JwtRequirement (see issue 13458). The AnyVerifier aggregates the children verifiers\u0027 results into a final status where JwtMissing is the default error. However, a JwtUnknownIssuer was mistakenly treated the same as a JwtMissing error and the resulting final aggregation was the default JwtMissing. As a result, `allow_missing` would allow a JWT token with an unknown issuer status. This is fixed in version 1.17.1 by PR 15194. The fix works by preferring JwtUnknownIssuer over a JwtMissing error, fixing the accidental conversion and bypass with `allow_missing`. A user could detect whether a bypass occurred if they have Envoy logs enabled with debug verbosity. Users can enable component level debug logs for JWT. The JWT filter logs will indicate that there is a request with a JWT token and a failure that the JWT token is missing."
},
{
"lang": "es",
"value": "Envoy es un proxy edge/middle/service de servicio de alto rendimiento nativo de la nube.\u0026#xa0;En versi\u00f3n 1.17.0 de Envoy, un atacante puede omitir la autenticaci\u00f3n presentando un token JWT con un emisor que no est\u00e1 en la lista de proveedores cuando el filtro de autenticaci\u00f3n JWT de Envoy est\u00e1 configurado con el requisito \"allow_missing\" en \"require_any\" debido a un error en la implementaci\u00f3n.\u0026#xa0;El filtro de autenticaci\u00f3n JWT de Envoy puede ser configurado con el requisito \"allow_missing\" que se cumplir\u00e1 si falta JWT (error JwtMissed) y presentar\u00e1 un fallo si JWT existe o no es v\u00e1lido.\u0026#xa0;Debido a un error en la implementaci\u00f3n, un error de JwtUnknownIssuer se convirti\u00f3 por error a JwtMissed cuando se configur\u00f3 \"require_any\".\u0026#xa0;Entonces, si se configur\u00f3 \"allow_missing\" en \"require_any\", un atacante puede omitir la autenticaci\u00f3n al presentar un token JWT con un emisor que no est\u00e1 en la lista de proveedores.\u0026#xa0;La integridad puede ser impactada seg\u00fan la configuraci\u00f3n si el token JWT se usa para proteger contra escrituras o modificaciones.\u0026#xa0;Esta regresi\u00f3n fue introducida el 12/11/2020 en PR 13839, que corrigi\u00f3 el manejo de \"allow_missing\" en RequireAny en un JwtRequirement (consulte el problema 13458).\u0026#xa0;AnyVerifier agrega los resultados de los comprobadores secundarios a un estado final donde JwtMissing es el error predeterminado.\u0026#xa0;Sin embargo, un JwtUnknownIssuer se trat\u00f3 por error igual que un error JwtMissing y la agregaci\u00f3n final resultante fue el JwtMissing predeterminado.\u0026#xa0;Como resultado, \"allow_missing\" permitir\u00eda un token JWT con un estado de emisor desconocido.\u0026#xa0;Esto es corregido en versi\u00f3n 1.17.1 por PR 15194. La correcci\u00f3n funciona al preferir JwtUnknownIssuer sobre un error de JwtMissing, corrigiendo la conversi\u00f3n accidental y omitiendo con \"allow_missing\".\u0026#xa0;Un usuario podr\u00eda detectar si se produjo una omisi\u00f3n si posee los registros de Envoy habilitados con verbosidad de depuraci\u00f3n\u0026#xa0;Los usuarios pueden habilitar registros de depuraci\u00f3n a nivel de componente para JWT.\u0026#xa0;Los registros del filtro JWT indicar\u00e1n que se presenta una petici\u00f3n con un token JWT y un fallo de que falta el token JWT"
}
],
"id": "CVE-2021-21378",
"lastModified": "2024-11-21T05:48:14.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-11T03:15:12.163",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/ea39e3cba652bcc4b11bb0d5c62b017e584d2e5a"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/envoyproxy/envoy/pull/15194"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4996-m8hf-hj27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/ea39e3cba652bcc4b11bb0d5c62b017e584d2e5a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/envoyproxy/envoy/pull/15194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4996-m8hf-hj27"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
},
{
"lang": "en",
"value": "CWE-303"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-09 23:15
Modified
2024-11-21 08:57
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/commit/29989f6cc8bfd8cd2ffcb7c42711eb02c7a5168a | Patch, Vendor Advisory | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commit/29989f6cc8bfd8cd2ffcb7c42711eb02c7a5168a | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0324E095-98B4-4B78-9242-989EC45E011F",
"versionEndExcluding": "1.26.7",
"versionStartIncluding": "1.26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E838B16-C6DC-4701-B955-D96D4CAEF4F6",
"versionEndExcluding": "1.27.3",
"versionStartIncluding": "1.27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "770D5713-48E3-4F9B-B05C-9CB9C6B272E3",
"versionEndExcluding": "1.28.1",
"versionStartIncluding": "1.28.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "638F3351-3ACD-47C8-9B8F-568A930FAECA",
"versionEndExcluding": "1.29.1",
"versionStartIncluding": "1.29.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio/intermedio/perimetral de alto rendimiento. La autenticaci\u00f3n externa se puede omitir mediante conexiones descendentes. Los clientes intermedios pueden forzar el env\u00edo de solicitudes gRPC no v\u00e1lidas a ext_authz, eludiendo las comprobaciones de ext_authz cuando Failure_mode_allow se establece en verdadero. Este problema se solucion\u00f3 en las versiones 1.29.1, 1.28.1, 1.27.3 y 1.26.7. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2024-23324",
"lastModified": "2024-11-21T08:57:30.563",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-09T23:15:09.223",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/29989f6cc8bfd8cd2ffcb7c42711eb02c7a5168a"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/29989f6cc8bfd8cd2ffcb7c42711eb02c7a5168a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-13 21:15
Modified
2024-11-21 08:09
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r | Vendor Advisory | |
| security-advisories@github.com | https://github.com/nghttp2/nghttp2/blob/e7f59406556c80904b81b593d38508591bb7523a/lib/nghttp2_session.c#L3346 | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nghttp2/nghttp2/blob/e7f59406556c80904b81b593d38508591bb7523a/lib/nghttp2_session.c#L3346 | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| nghttp2 | nghttp2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6229C1E0-69F5-49E0-AECC-F98E792E06F4",
"versionEndExcluding": "1.23.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E48F872E-5893-4F65-AB15-CA5E9240FD48",
"versionEndExcluding": "1.24.9",
"versionStartIncluding": "1.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A8C39F9-39D8-475E-BF5D-52DF8435C02D",
"versionEndExcluding": "1.25.8",
"versionStartIncluding": "1.25.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E208BBEC-FFAC-4513-AF33-45029CC8E0F3",
"versionEndExcluding": "1.26.3",
"versionStartIncluding": "1.26.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE13342-76A9-4B62-941D-39C1FE18E19D",
"versionEndExcluding": "1.55.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy\u2019s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11."
}
],
"id": "CVE-2023-35945",
"lastModified": "2024-11-21T08:09:01.860",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-13T21:15:08.880",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/nghttp2/nghttp2/blob/e7f59406556c80904b81b593d38508591bb7523a/lib/nghttp2_session.c#L3346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://github.com/nghttp2/nghttp2/blob/e7f59406556c80904b81b593d38508591bb7523a/lib/nghttp2_session.c#L3346"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-459"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-09 23:15
Modified
2024-11-21 08:57
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645 | Patch, Vendor Advisory | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0324E095-98B4-4B78-9242-989EC45E011F",
"versionEndExcluding": "1.26.7",
"versionStartIncluding": "1.26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E838B16-C6DC-4701-B955-D96D4CAEF4F6",
"versionEndExcluding": "1.27.3",
"versionStartIncluding": "1.27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "770D5713-48E3-4F9B-B05C-9CB9C6B272E3",
"versionEndExcluding": "1.28.1",
"versionStartIncluding": "1.28.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "638F3351-3ACD-47C8-9B8F-568A930FAECA",
"versionEndExcluding": "1.29.1",
"versionStartIncluding": "1.29.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio/intermedio/perimetral de alto rendimiento. La expresi\u00f3n regular se compila para cada solicitud y puede provocar un uso elevado de la CPU y una mayor latencia de la solicitud cuando se configuran varias rutas con dichos comparadores. Este problema se solucion\u00f3 en las versiones 1.29.1, 1.28.1, 1.27.3 y 1.26.7. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2024-23323",
"lastModified": "2024-11-21T08:57:30.403",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-09T23:15:08.977",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
},
{
"lang": "en",
"value": "CWE-1176"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-13 13:15
Modified
2024-11-21 04:33
Severity ?
Summary
An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request's Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.envoyproxy.io | Product | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/commits/master | Patch | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/security/advisories/GHSA-f2rv-4w6x-rwhc | Exploit, Third Party Advisory | |
| cve@mitre.org | https://groups.google.com/forum/#%21forum/envoy-users | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.envoyproxy.io | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commits/master | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-f2rv-4w6x-rwhc | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/forum/#%21forum/envoy-users |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FE9447-DDAB-42A3-827A-DAB57328D902",
"versionEndIncluding": "1.12.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated \"Invalid request\" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access a request\u0027s Host header causes a NULL pointer dereference, resulting in abnormal termination of the Envoy process."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Envoy versi\u00f3n 1.12.0. Tras recibir una petici\u00f3n HTTP malformada sin un encabezado Host, se env\u00eda una respuesta \"Invalid request\" generada internamente. Esta respuesta generada internamente es enviada por medio de la cadena de filtro del codificador configurado antes de enviarse al cliente. Un filtro del codificador que invoca las API de administrador de ruta que acceden al encabezado Host de una petici\u00f3n causa una desreferencia del puntero NULL, resultando en la terminaci\u00f3n anormal del proceso de Envoy."
}
],
"id": "CVE-2019-18838",
"lastModified": "2024-11-21T04:33:41.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-13T13:15:11.443",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://blog.envoyproxy.io"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-f2rv-4w6x-rwhc"
},
{
"source": "cve@mitre.org",
"url": "https://groups.google.com/forum/#%21forum/envoy-users"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://blog.envoyproxy.io"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-f2rv-4w6x-rwhc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21forum/envoy-users"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-24 21:15
Modified
2024-11-21 06:07
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy’s procedure for resetting a HTTP/2 stream has O(N^2) complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are susceptible to Denial of Service when Envoy is configured with high limit on H/2 concurrent streams. An attacker wishing to exploit this vulnerability would require a client opening and closing a large number of H/2 streams. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to reduce time complexity of resetting HTTP/2 streams. As a workaround users may limit the number of simultaneous HTTP/2 dreams for upstream and downstream peers to a low number, i.e. 100.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc | Third Party Advisory | |
| security-advisories@github.com | https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | 1.19.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC3BF7F-5B28-4765-8C6F-E2437A4B425D",
"versionEndExcluding": "1.16.5",
"versionStartIncluding": "1.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83547329-1394-417F-93DB-70C1A9D173B0",
"versionEndExcluding": "1.17.4",
"versionStartIncluding": "1.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7376E28-9915-4CA1-A5DB-40874D10E781",
"versionEndExcluding": "1.18.4",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1968AA35-60E2-4A00-84A0-617738B55D33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy\u2019s procedure for resetting a HTTP/2 stream has O(N^2) complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are susceptible to Denial of Service when Envoy is configured with high limit on H/2 concurrent streams. An attacker wishing to exploit this vulnerability would require a client opening and closing a large number of H/2 streams. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to reduce time complexity of resetting HTTP/2 streams. As a workaround users may limit the number of simultaneous HTTP/2 dreams for upstream and downstream peers to a low number, i.e. 100."
},
{
"lang": "es",
"value": "Envoy es un proxy L7 de c\u00f3digo abierto y un bus de comunicaci\u00f3n dise\u00f1ado para grandes arquitecturas modernas orientadas a servicios. En las versiones afectadas, el procedimiento de Envoy para restablecer un flujo HTTP/2 presenta una complejidad O(N^2), conllevando a un alto uso de la CPU cuando se restablece un gran n\u00famero de flujos. Los despliegues son susceptibles a una Denegaci\u00f3n de Servicio cuando Envoy est\u00e1 configurado con un alto l\u00edmite de flujos concurrentes H/2. Un atacante que desee explotar esta vulnerabilidad necesitar\u00eda un cliente que abriera y cerrara un gran n\u00famero de flujos H/2. Envoy versiones 1.19.1, 1.18.4, 1.17.4 y 1.16.5, contienen correcciones para reducir la complejidad del tiempo de restablecimiento de los flujos HTTP/2. Como soluci\u00f3n, los usuarios pueden limitar el n\u00famero de sue\u00f1os HTTP/2 simult\u00e1neos para los pares ascendentes y descendentes a un n\u00famero bajo, es decir, 100."
}
],
"id": "CVE-2021-32778",
"lastModified": "2024-11-21T06:07:43.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-24T21:15:09.553",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-834"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-834"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-01 17:15
Modified
2024-11-21 05:16
Severity ?
Summary
Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/envoyproxy/envoy/security/advisories/GHSA-fwwh-fc9w-9673 | Third Party Advisory | |
| cve@mitre.org | https://groups.google.com/forum/#%21forum/envoy-security-announce | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-fwwh-fc9w-9673 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/forum/#%21forum/envoy-security-announce |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B23F321-69BA-459A-83FA-801E0B4E6BF7",
"versionEndExcluding": "3b5acb2",
"versionStartIncluding": "2d69e30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization."
},
{
"lang": "es",
"value": "Envoy master versiones entre 2d69e30 y 3b5acb2, puede presentar un fallo al analizar una URL de petici\u00f3n que requiere la canonicalizaci\u00f3n del host"
}
],
"id": "CVE-2020-25018",
"lastModified": "2024-11-21T05:16:32.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-01T17:15:13.387",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-fwwh-fc9w-9673"
},
{
"source": "cve@mitre.org",
"url": "https://groups.google.com/forum/#%21forum/envoy-security-announce"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-fwwh-fc9w-9673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21forum/envoy-security-announce"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-20 17:15
Modified
2024-11-21 06:00
Severity ?
Summary
An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.envoyproxy.io | Vendor Advisory | |
| cve@mitre.org | https://github.com/envoyproxy/envoy-setec/pull/230 | Broken Link | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/releases/tag/v1.14.0 | Third Party Advisory | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/security/advisories/GHSA-xw4q-6pj2-5gfg | Not Applicable, Third Party Advisory | |
| nvd@nist.gov | https://github.com/envoyproxy/envoy/security/advisories/GHSA-rqvq-hxw5-776j | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.envoyproxy.io | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy-setec/pull/230 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/releases/tag/v1.14.0 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-xw4q-6pj2-5gfg | Not Applicable, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | 1.14.6 | |
| envoyproxy | envoy | 1.15.3 | |
| envoyproxy | envoy | 1.16.2 | |
| envoyproxy | envoy | 1.17.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F3DBF84E-6E48-4EBD-AC66-E345063B521F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B87350B3-58D6-4A1E-8A4A-8846D65070CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "065415B4-0F56-4AE3-B17D-B38416543DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA926D71-E8B2-40D9-9D44-CAC09EB4FCA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Envoy versi\u00f3n 1.14.0.\u0026#xa0;Se presenta un bloqueo explotable remoto para unos metadatos HTTP2, porque un mapa de METADATOS vac\u00edo desencadena un Reachable Assertion"
}
],
"id": "CVE-2021-29258",
"lastModified": "2024-11-21T06:00:53.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-20T17:15:07.740",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.envoyproxy.io"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/envoyproxy/envoy-setec/pull/230"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/releases/tag/v1.14.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xw4q-6pj2-5gfg"
},
{
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-rqvq-hxw5-776j"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.envoyproxy.io"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/envoyproxy/envoy-setec/pull/230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/releases/tag/v1.14.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xw4q-6pj2-5gfg"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-04 22:15
Modified
2024-11-21 05:39
Severity ?
Summary
CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some security restrictions in the process.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2020:0734 | Third Party Advisory | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/security/advisories/GHSA-c4g8-7grc-5wvx | Third Party Advisory | |
| cve@mitre.org | https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2020:0734 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-c4g8-7grc-5wvx | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FAC4665-B4CC-4C2F-AD63-6036A2DFD03A",
"versionEndExcluding": "1.12.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BAF9778-93D0-4D9F-8BD3-B81AB423155F",
"versionEndExcluding": "1.13.1",
"versionStartIncluding": "1.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some security restrictions in the process."
},
{
"lang": "es",
"value": "Una omisi\u00f3n del inspector TLS de CNCF Envoy versiones hasta 1.13.0. El inspector TLS podr\u00eda haber sido omitido (no reconocido como cliente TLS) por un cliente que usa solo TLS versi\u00f3n 1.3. Debido a que las extensiones TLS (SNI, ALPN) no fueron inspeccionadas, esas conexiones podr\u00edan haber coincidido con una cadena de filtro err\u00f3nea, posiblemente omitiendo algunas restricciones de seguridad en el proceso."
}
],
"id": "CVE-2020-8660",
"lastModified": "2024-11-21T05:39:13.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-04T22:15:11.343",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-c4g8-7grc-5wvx"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-c4g8-7grc-5wvx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-22 23:15
Modified
2024-11-21 06:45
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage (id-kp-serverAuth and id-kp-clientAuth, respectively). This means that a peer may present an e-mail certificate (e.g. id-kp-emailProtection), either as a leaf certificate or as a CA in the chain, and it will be accepted for TLS. This is particularly bad when combined with the issue described in pull request #630, in that it allows a Web PKI CA that is intended only for use with S/MIME, and thus exempted from audit or supervision, to issue TLS certificates that will be accepted by Envoy. As a result Envoy will trust upstream certificates that should not be trusted. There are no known workarounds to this issue. Users are advised to upgrade.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/pull/630 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-837m-wjrv-vm5g | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/pull/630 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-837m-wjrv-vm5g | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EFC93D0-C206-417C-81D0-F18145E3D768",
"versionEndExcluding": "1.18.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2812AC62-44B5-4077-862D-A221CD88981D",
"versionEndExcluding": "1.19.3",
"versionStartIncluding": "1.19.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5441B2D-F807-4ED9-AFB9-ED4DE07CE5F8",
"versionEndExcluding": "1.20.2",
"versionStartIncluding": "1.20.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage (id-kp-serverAuth and id-kp-clientAuth, respectively). This means that a peer may present an e-mail certificate (e.g. id-kp-emailProtection), either as a leaf certificate or as a CA in the chain, and it will be accepted for TLS. This is particularly bad when combined with the issue described in pull request #630, in that it allows a Web PKI CA that is intended only for use with S/MIME, and thus exempted from audit or supervision, to issue TLS certificates that will be accepted by Envoy. As a result Envoy will trust upstream certificates that should not be trusted. There are no known workarounds to this issue. Users are advised to upgrade."
},
{
"lang": "es",
"value": "Envoy es un proxy de borde y servicio de c\u00f3digo abierto, dise\u00f1ado para aplicaciones nativas de la nube. En las versiones afectadas, Envoy no restringe el conjunto de certificados que acepta del par, ya sea como cliente TLS o como servidor TLS, a s\u00f3lo aquellos certificados que contienen el extendedKeyUsage necesario (id-kp-serverAuth e id-kp-clientAuth, respectivamente). Esto significa que un par puede presentar un certificado de correo electr\u00f3nico (por ejemplo, id-kp-emailProtection), ya sea como certificado de hoja o como CA en la cadena, y ser\u00e1 aceptado para TLS. Esto es particularmente malo cuando es combinado con el problema descrito en la petici\u00f3n #630, en el sentido de que permite que una CA de PKI de la Web que est\u00e1 destinada s\u00f3lo a ser usada con S/MIME, y por lo tanto exenta de auditor\u00eda o supervisi\u00f3n, emita certificados TLS que ser\u00e1n aceptados por Envoy. En consecuencia, Envoy confiar\u00e1 en certificados de origen que no deber\u00edan ser confiables. No se conocen medidas de mitigaci\u00f3n a este problema. Es recomendado a usuarios actualizar"
}
],
"id": "CVE-2022-21657",
"lastModified": "2024-11-21T06:45:10.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-22T23:15:11.277",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/pull/630"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-837m-wjrv-vm5g"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/pull/630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-837m-wjrv-vm5g"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-15 01:15
Modified
2024-11-21 05:27
Severity ?
Summary
Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/issues/14087 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/pull/14131 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/issues/14087 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/pull/14131 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49543588-1B38-4406-AE61-5414E7CD6B4B",
"versionEndExcluding": "1.16.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters)."
},
{
"lang": "es",
"value": "Envoy versiones anteriores a 1.16.1, registra una direcci\u00f3n posterior incorrecta porque considera solo al peer conectado directamente, no la informaci\u00f3n en el encabezado proxy protocol.\u0026#xa0;Esto afecta situaciones con tcp-proxy como filtro de red (no filtros HTTP)"
}
],
"id": "CVE-2020-35470",
"lastModified": "2024-11-21T05:27:21.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-15T01:15:13.807",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/issues/14087"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/pull/14131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/issues/14087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/pull/14131"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-04 20:15
Modified
2024-11-21 07:53
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal in header values to be sent to the upstream service. In the worst case, it can cause upstream service to interpret the original request as two pipelined requests, possibly bypassing the intent of Envoy’s security policy. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. As a workaround, disable adding request headers based on the downstream request properties, such as downstream certificate properties.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD93214-C958-4A69-9291-15D1C22CFD3F",
"versionEndExcluding": "1.22.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17BFB303-DA5A-4E83-93F7-3C1EA340E434",
"versionEndExcluding": "1.23.6",
"versionStartIncluding": "1.23.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92B633B8-FA4A-4630-9302-96F2C8336E36",
"versionEndExcluding": "1.24.4",
"versionStartIncluding": "1.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AFC6741-6FDF-47F6-A4AF-B5F5233ABB71",
"versionEndExcluding": "1.25.3",
"versionStartIncluding": "1.25.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal in header values to be sent to the upstream service. In the worst case, it can cause upstream service to interpret the original request as two pipelined requests, possibly bypassing the intent of Envoy\u2019s security policy. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. As a workaround, disable adding request headers based on the downstream request properties, such as downstream certificate properties."
}
],
"id": "CVE-2023-27493",
"lastModified": "2024-11-21T07:53:01.060",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-04T20:15:07.463",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-28 21:15
Modified
2024-11-21 06:01
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Summary
Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. `/something%2F..%2Fadmin`, to bypass access control, e.g. a block on `/admin`. A backend server could then decode slash sequences and normalize path and provide an attacker access beyond the scope provided for by the access control policy. ### Impact Escalation of Privileges when using RBAC or JWT filters with enforcement based on URL path. Users with back end servers that interpret `%2F` and `/` and `%5C` and `\` interchangeably are impacted. ### Attack Vector URL paths containing escaped slash characters delivered by untrusted client. Patches in versions 1.18.3, 1.17.3, 1.16.4, 1.15.5 contain new path normalization option to decode escaped slash characters. As a workaround, if back end servers treat `%2F` and `/` and `%5C` and `\` interchangeably and a URL path based access control is configured, one may reconfigure the back end server to not treat `%2F` and `/` and `%5C` and `\` interchangeably.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-4987-27fx-x6cf | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-4987-27fx-x6cf | Mitigation, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9E311E-85FF-42AA-B0A3-C138D436932D",
"versionEndExcluding": "1.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D36D66BB-9C95-4E59-AA78-6824ACCB89D7",
"versionEndExcluding": "1.16.4",
"versionStartIncluding": "1.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D502D5F9-38A7-46B1-890D-2A177B76AEBB",
"versionEndExcluding": "1.17.3",
"versionStartIncluding": "1.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D8EC7-7D60-41C5-9770-3521DB6F7650",
"versionEndExcluding": "1.18.3",
"versionStartIncluding": "1.18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. `/something%2F..%2Fadmin`, to bypass access control, e.g. a block on `/admin`. A backend server could then decode slash sequences and normalize path and provide an attacker access beyond the scope provided for by the access control policy. ### Impact Escalation of Privileges when using RBAC or JWT filters with enforcement based on URL path. Users with back end servers that interpret `%2F` and `/` and `%5C` and `\\` interchangeably are impacted. ### Attack Vector URL paths containing escaped slash characters delivered by untrusted client. Patches in versions 1.18.3, 1.17.3, 1.16.4, 1.15.5 contain new path normalization option to decode escaped slash characters. As a workaround, if back end servers treat `%2F` and `/` and `%5C` and `\\` interchangeably and a URL path based access control is configured, one may reconfigure the back end server to not treat `%2F` and `/` and `%5C` and `\\` interchangeably."
},
{
"lang": "es",
"value": "Envoy es un proxy de borde/medio/servicio nativo de la nube. Envoy no descifra las secuencias de barras diagonales escapadas `%2F` y `%5C` en las rutas URL HTTP en las versiones 1.18.2 y anteriores. Un atacante remoto puede crear una ruta con barras escapadas, por ejemplo `algo%2F..%2Fadmin`, para saltarse el control de acceso, por ejemplo, un bloqueo en `/admin`. Un servidor backend podr\u00eda entonces decodificar las secuencias de barras y normalizar la ruta y proporcionar a un atacante acceso m\u00e1s all\u00e1 del alcance previsto por la pol\u00edtica de control de acceso. ### Impacto Escalada de Privilegios cuando se utilizan filtros RBAC o JWT con aplicaci\u00f3n basada en la ruta de la URL. Los usuarios con servidores de back-end que interpretan `%2F` y `/` y `%5C` y `\\` indistintamente est\u00e1n impactados. ### Vector de ataque Rutas de URL que contienen caracteres de barra diagonal escapados entregados por un cliente que no es de confianza. Los parches de las versiones 1.18.3, 1.17.3, 1.16.4 y 1.15.5 contienen una nueva opci\u00f3n de normalizaci\u00f3n de rutas para descodificar los caracteres de barra diagonal escapados. Como soluci\u00f3n, si los servidores finales tratan `%2F` y `/` y `%5C` y `\\` indistintamente y se configura un control de acceso basado en la ruta de la URL, se puede reconfigurar el servidor final para que no trate `%2F` y `/` y `%5C` y `\\` indistintamente"
}
],
"id": "CVE-2021-29492",
"lastModified": "2024-11-21T06:01:14.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-28T21:15:08.670",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4987-27fx-x6cf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4987-27fx-x6cf"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-04 21:15
Modified
2024-11-21 09:18
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in `HttpConnectionManager` (HCM) with `EnvoyQuicServerStream` that can crash Envoy. An attacker can exploit this vulnerability by sending a request without `FIN`, then a `RESET_STREAM` frame, and then after receiving the response, closing the connection.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-hww5-43gv-35jv | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-hww5-43gv-35jv | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1020E2E2-EDFA-4188-B17F-406904256EB1",
"versionEndExcluding": "1.27.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5107DA5-4BC7-4AB8-8087-0DA20021D0B0",
"versionEndExcluding": "1.28.4",
"versionStartIncluding": "1.28.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34583FBC-8B38-4BBB-9E3B-7731272C0A6F",
"versionEndExcluding": "1.29.5",
"versionStartIncluding": "1.29.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65C0355B-7FAC-4417-B707-A3CA494C20A0",
"versionEndExcluding": "1.30.2",
"versionStartIncluding": "1.30.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in `HttpConnectionManager` (HCM) with `EnvoyQuicServerStream` that can crash Envoy. An attacker can exploit this vulnerability by sending a request without `FIN`, then a `RESET_STREAM` frame, and then after receiving the response, closing the connection."
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio y borde de c\u00f3digo abierto, nativo de la nube. Hay un use-after-free en `HttpConnectionManager` (HCM) con `EnvoyQuicServerStream` que puede bloquear Envoy. Un atacante puede explotar esta vulnerabilidad enviando una solicitud sin `FIN`, luego un framework `RESET_STREAM` y luego, despu\u00e9s de recibir la respuesta, cerrando la conexi\u00f3n."
}
],
"id": "CVE-2024-34362",
"lastModified": "2024-11-21T09:18:30.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-04T21:15:34.530",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-hww5-43gv-35jv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-hww5-43gv-35jv"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-22 23:15
Modified
2024-11-21 06:29
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CONNECT request is sent to JWT filter configured with regex match. This provides a denial of service attack vector. The only workaround is to not use regex in the JWT filter. Users are advised to upgrade.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/commit/9371333230b1a6e1be2eccf4868771e11af6253a | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commit/9371333230b1a6e1be2eccf4868771e11af6253a | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EFC93D0-C206-417C-81D0-F18145E3D768",
"versionEndExcluding": "1.18.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2812AC62-44B5-4077-862D-A221CD88981D",
"versionEndExcluding": "1.19.3",
"versionStartIncluding": "1.19.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5441B2D-F807-4ED9-AFB9-ED4DE07CE5F8",
"versionEndExcluding": "1.20.2",
"versionStartIncluding": "1.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83895D03-DAD1-4893-8A1C-F9143DEEC172",
"versionEndExcluding": "1.21.1",
"versionStartIncluding": "1.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CONNECT request is sent to JWT filter configured with regex match. This provides a denial of service attack vector. The only workaround is to not use regex in the JWT filter. Users are advised to upgrade."
},
{
"lang": "es",
"value": "Envoy es un proxy de borde y servicio de c\u00f3digo abierto, dise\u00f1ado para aplicaciones nativas de la nube. En las versiones afectadas, una solicitud crafteada bloquea Envoy cuando se env\u00eda una solicitud CONNECT al filtro JWT configurado con coincidencia regex. Esto proporciona un vector de ataque de denegaci\u00f3n de servicio. La \u00fanica medida de mitigaci\u00f3n es no utilizar regex en el filtro JWT. Se aconseja a los usuarios que actualicen"
}
],
"id": "CVE-2021-43824",
"lastModified": "2024-11-21T06:29:52.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-22T23:15:10.813",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/9371333230b1a6e1be2eccf4868771e11af6253a"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/9371333230b1a6e1be2eccf4868771e11af6253a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-09 23:15
Modified
2024-11-21 08:57
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/commit/bacd3107455b8d387889467725eb72aa0d5b5237 | Patch, Vendor Advisory | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commit/bacd3107455b8d387889467725eb72aa0d5b5237 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0324E095-98B4-4B78-9242-989EC45E011F",
"versionEndExcluding": "1.26.7",
"versionStartIncluding": "1.26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E838B16-C6DC-4701-B955-D96D4CAEF4F6",
"versionEndExcluding": "1.27.3",
"versionStartIncluding": "1.27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "770D5713-48E3-4F9B-B05C-9CB9C6B272E3",
"versionEndExcluding": "1.28.1",
"versionStartIncluding": "1.28.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "638F3351-3ACD-47C8-9B8F-568A930FAECA",
"versionEndExcluding": "1.29.1",
"versionStartIncluding": "1.29.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn\u2019t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio/intermedio/perimetral de alto rendimiento. Envoy falla en el protocolo Proxy cuando usa un tipo de direcci\u00f3n que no es compatible con el sistema operativo. Envoy es susceptible de fallar en un host con IPv6 deshabilitado y una configuraci\u00f3n de escucha con protocolo proxy habilitado cuando recibe una solicitud en la que el cliente presenta su direcci\u00f3n IPv6. Es v\u00e1lido que un cliente presente su direcci\u00f3n IPv6 a un servidor de destino aunque toda la cadena est\u00e9 conectada a trav\u00e9s de IPv4. Este problema se solucion\u00f3 en las versiones 1.29.1, 1.28.1, 1.27.3 y 1.26.7. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2024-23325",
"lastModified": "2024-11-21T08:57:30.717",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-09T23:15:09.437",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/bacd3107455b8d387889467725eb72aa0d5b5237"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/bacd3107455b8d387889467725eb72aa0d5b5237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-248"
},
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-01 15:15
Modified
2024-11-21 04:59
Severity ?
Summary
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/envoyproxy/envoy/commits/master | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/security/advisories/GHSA-8hf8-8gvw-ggvx | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commits/master | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-8hf8-8gvw-ggvx | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | 1.13.2 | |
| envoyproxy | envoy | 1.14.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8EC70B-A398-42FC-84C1-4892D07787F5",
"versionEndIncluding": "1.12.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6FEA6763-6AEC-4081-A4AD-7C0D9C716AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AC44FC52-B495-46D3-B5FC-2B5B5D214102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream."
},
{
"lang": "es",
"value": "Envoy versiones 1.14.2, 1.13.2, 1.12.4 o anteriores, es susceptible a incrementar un uso de memoria en el caso en que un cliente HTTP/2 solicita una gran carga \u00fatil pero no env\u00eda suficientes actualizaciones de ventana para consumir toda la transmisi\u00f3n de datos y no se reinicia la transmisi\u00f3n de datos"
}
],
"id": "CVE-2020-12604",
"lastModified": "2024-11-21T04:59:54.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-01T15:15:12.923",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-8hf8-8gvw-ggvx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-8hf8-8gvw-ggvx"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-22 23:15
Modified
2024-11-21 06:45
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Name or uniformResourceIndicator to be authenticated as a domain name. This confusion allows for the bypassing of nameConstraints, as processed by the underlying OpenSSL/BoringSSL implementation, exposing the possibility of impersonation of arbitrary servers. As a result Envoy will trust upstream certificates that should not be trusted.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/commit/bb95af848c939cfe5b5ee33c5b1770558077e64e | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-c9g7-xwcv-pjx2 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commit/bb95af848c939cfe5b5ee33c5b1770558077e64e | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-c9g7-xwcv-pjx2 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E93E9C64-FAEC-494D-82CA-2AD4381EFE52",
"versionEndExcluding": "1.20.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a \"type confusion\" bug when processing subjectAltNames. This processing allows, for example, an rfc822Name or uniformResourceIndicator to be authenticated as a domain name. This confusion allows for the bypassing of nameConstraints, as processed by the underlying OpenSSL/BoringSSL implementation, exposing the possibility of impersonation of arbitrary servers. As a result Envoy will trust upstream certificates that should not be trusted."
},
{
"lang": "es",
"value": "Envoy es un proxy de borde y servicio de c\u00f3digo abierto, dise\u00f1ado para aplicaciones nativas de la nube. La implementaci\u00f3n default_validator.cc usada para implementar las rutinas de comprobaci\u00f3n de certificados por defecto presenta un error de \"confusi\u00f3n de tipo\" cuando procesa subjectAltNames. Este procesamiento permite, por ejemplo, que un rfc822Name o uniformResourceIndicator sea autenticado como un nombre de dominio. Esta confusi\u00f3n permite omitir nameConstraints, tal y como lo procesa la implementaci\u00f3n subyacente de OpenSSL/BoringSSL, exponiendo la posibilidad de suplantaci\u00f3n de servidores arbitrarios. Como resultado, Envoy confiar\u00e1 en certificados de origen que no deber\u00edan ser confiables"
}
],
"id": "CVE-2022-21656",
"lastModified": "2024-11-21T06:45:10.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-22T23:15:11.223",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/bb95af848c939cfe5b5ee33c5b1770558077e64e"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-c9g7-xwcv-pjx2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/bb95af848c939cfe5b5ee33c5b1770558077e64e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-c9g7-xwcv-pjx2"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-09 23:15
Modified
2024-11-21 08:57
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/commit/63895ea8e3cca9c5d3ab4c5c128ed1369969d54a | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commit/63895ea8e3cca9c5d3ab4c5c128ed1369969d54a | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0324E095-98B4-4B78-9242-989EC45E011F",
"versionEndExcluding": "1.26.7",
"versionStartIncluding": "1.26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E838B16-C6DC-4701-B955-D96D4CAEF4F6",
"versionEndExcluding": "1.27.3",
"versionStartIncluding": "1.27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "770D5713-48E3-4F9B-B05C-9CB9C6B272E3",
"versionEndExcluding": "1.28.1",
"versionStartIncluding": "1.28.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "638F3351-3ACD-47C8-9B8F-568A930FAECA",
"versionEndExcluding": "1.29.1",
"versionStartIncluding": "1.29.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio/intermedio/perimetral de alto rendimiento. Cuando PPv2 est\u00e1 habilitado tanto en un oyente como en un cl\u00faster posterior, la instancia de Envoy generar\u00e1 un error de segmentaci\u00f3n al intentar crear el encabezado PPv2 ascendente. Esto ocurre cuando la solicitud descendente tiene un tipo de comando LOCAL y no tiene el bloque de protocolo. Este problema se solucion\u00f3 en las versiones 1.29.1, 1.28.1, 1.27.3 y 1.26.7. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2024-23327",
"lastModified": "2024-11-21T08:57:31.030",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-09T23:15:09.647",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/63895ea8e3cca9c5d3ab4c5c128ed1369969d54a"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/63895ea8e3cca9c5d3ab4c5c128ed1369969d54a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-09 23:15
Modified
2024-11-21 06:18
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Summary
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorrect routing or authorization policy decisions. With specially crafted requests, incorrect authorization or routing decisions may be made by Pomerium. Pomerium v0.14.8 and v0.15.1 contain an upgraded envoy binary with these vulnerabilities patched. This issue can only be triggered when using path prefix based policy. Removing any such policies should provide mitigation.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h | Third Party Advisory | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9 | Third Party Advisory | |
| security-advisories@github.com | https://github.com/pomerium/pomerium/security/advisories/GHSA-cfc2-wjcm-c8fm | Third Party Advisory | |
| security-advisories@github.com | https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pomerium/pomerium/security/advisories/GHSA-cfc2-wjcm-c8fm | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ | Not Applicable |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | 1.19.0 | |
| pomerium | pomerium | * | |
| pomerium | pomerium | 0.15.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2DB212-9E55-4DFB-A81F-9478DCCF5FBF",
"versionEndExcluding": "1.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83547329-1394-417F-93DB-70C1A9D173B0",
"versionEndExcluding": "1.17.4",
"versionStartIncluding": "1.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7376E28-9915-4CA1-A5DB-40874D10E781",
"versionEndExcluding": "1.18.4",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1968AA35-60E2-4A00-84A0-617738B55D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pomerium:pomerium:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CED9F4D-17B6-48C2-87F5-CAAF4CA492A8",
"versionEndExcluding": "0.14.8",
"versionStartIncluding": "0.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pomerium:pomerium:0.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0082414-BE21-4DDC-8B84-5DC9F9BAE8E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorrect routing or authorization policy decisions. With specially crafted requests, incorrect authorization or routing decisions may be made by Pomerium. Pomerium v0.14.8 and v0.15.1 contain an upgraded envoy binary with these vulnerabilities patched. This issue can only be triggered when using path prefix based policy. Removing any such policies should provide mitigation."
},
{
"lang": "es",
"value": "Pomerium es un proxy de acceso de c\u00f3digo abierto consciente de la identidad. Envoy, en el que se basa Pomerium, contiene dos vulnerabilidades relacionadas con la autorizaci\u00f3n CVE-2021-32777 y CVE-2021-32779. Esto puede conllevar a decisiones incorrectas de enrutamiento o de pol\u00edtica de autorizaci\u00f3n. Con peticiones especialmente dise\u00f1adas, Pomerium puede tomar decisiones incorrectas de autorizaci\u00f3n o enrutamiento. Pomerium versiones v0.14.8 y v0.15.1 contienen un binario envoy actualizado con estas vulnerabilidades parcheadas. Este problema s\u00f3lo puede desencadenarse cuando se usan pol\u00edticas basadas en prefijos de ruta. La eliminaci\u00f3n de tales pol\u00edticas deber\u00eda proporcionar una mitigaci\u00f3n"
}
],
"id": "CVE-2021-39206",
"lastModified": "2024-11-21T06:18:53.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-09T23:15:13.980",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-cfc2-wjcm-c8fm"
},
{
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
],
"url": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-cfc2-wjcm-c8fm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-09 16:15
Modified
2024-11-21 04:28
Severity ?
Summary
Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for HTTP/2 traffic had O(n^2) performance characteristics. A remote attacker may craft a request that stays below the maximum request header size but consists of many thousands of small headers to consume CPU and result in a denial-of-service attack.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/commits/master | Third Party Advisory | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/issues/8520 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commits/master | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/issues/8520 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | 1.0.0 | |
| envoyproxy | envoy | 1.1.0 | |
| envoyproxy | envoy | 1.2.0 | |
| envoyproxy | envoy | 1.3.0 | |
| envoyproxy | envoy | 1.4.0 | |
| envoyproxy | envoy | 1.5.0 | |
| envoyproxy | envoy | 1.6.0 | |
| envoyproxy | envoy | 1.7.0 | |
| envoyproxy | envoy | 1.7.1 | |
| envoyproxy | envoy | 1.8.0 | |
| envoyproxy | envoy | 1.9.0 | |
| envoyproxy | envoy | 1.9.1 | |
| envoyproxy | envoy | 1.10.0 | |
| envoyproxy | envoy | 1.11.0 | |
| envoyproxy | envoy | 1.11.1 | |
| envoyproxy | envoy | 1.11.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A41CDE9-4AEA-4D10-B8AB-464DD392CDB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0DB36A7-0053-45BE-A0E1-CEA00E3E19A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA462017-5394-43F8-96ED-0EE177FE0873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E80A9D3-D22E-4BE4-BAD7-BC56EF40A2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5127853B-821C-47C6-9A25-76E9E66EE804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "684F3C83-3F67-4D04-8CF0-A6038C7BF84A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC08C225-35BC-40BB-BFA4-9029ACB64F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0082A6-4495-41FD-83F4-7FFC7CBD68C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E55D00E-7B40-4CB9-A22B-979851493EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A690019F-9ACC-4054-B886-2FB7D66B9965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8A839E-09A8-40C0-837B-C4096F7194A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1677F01F-0112-41FF-B2DF-0DC8C2C4D8EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87EF5304-3318-436B-B13B-0697DA591A20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC9B252-E49B-4D80-814B-3CC932CC64AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "68F07BA5-07C7-4630-95AD-E40600B9BD1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D020CF31-4608-4917-AC10-C90B60BEC91C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for HTTP/2 traffic had O(n^2) performance characteristics. A remote attacker may craft a request that stays below the maximum request header size but consists of many thousands of small headers to consume CPU and result in a denial-of-service attack."
},
{
"lang": "es",
"value": "Al recibir los datos de cada encabezado de petici\u00f3n entrante, Envoy iterar\u00e1 sobre los encabezados de petici\u00f3n existentes para comprobar que el tama\u00f1o total de los encabezados permanezca por debajo del l\u00edmite m\u00e1ximo. La implementaci\u00f3n en las versiones 1.10.0 hasta 1.11.1 para el tr\u00e1fico HTTP/1.x y todas las versiones de Envoy para el tr\u00e1fico HTTP/2 ten\u00edan caracter\u00edsticas de rendimiento O(n^2). Un atacante remoto puede crear una petici\u00f3n que se mantenga por debajo del tama\u00f1o m\u00e1ximo del encabezado de la petici\u00f3n, pero que consista en muchos miles de encabezados peque\u00f1os para consumir la CPU y resultar en un ataque de denegaci\u00f3n de servicio."
}
],
"id": "CVE-2019-15226",
"lastModified": "2024-11-21T04:28:14.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-09T16:15:14.687",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/issues/8520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commits/master"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/issues/8520"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-25 15:29
Modified
2024-11-21 04:52
Severity ?
Summary
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to unauthorized resources.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:0741 | Third Party Advisory | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/issues/6434 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/security/advisories/GHSA-x74r-f4mw-c32h | Exploit, Mitigation, Third Party Advisory | |
| cve@mitre.org | https://groups.google.com/forum/#%21topic/envoy-announce/VoHfnDqZiAM | ||
| cve@mitre.org | https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0741 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/issues/6434 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-x74r-f4mw-c32h | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/forum/#%21topic/envoy-announce/VoHfnDqZiAM | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| redhat | openshift_service_mesh | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF47B6A7-F357-4074-B90D-8BEB0AB53DC0",
"versionEndIncluding": "1.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_service_mesh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD6D2D18-27C3-44CF-804B-BE9270ED5077",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to unauthorized resources."
},
{
"lang": "es",
"value": "Al analizar los valores de encabezado HTTP/1.x, Envoy versi\u00f3n 1.9.0 y anteriores, no rechazan los caracteres de cero incrustados (NUL, ASCII 0x0). Esto permite que los atacantes remotos que crean valores de encabezado que contienen caracteres NUL insertados puedan omitir potencialmente las reglas de coincidencia de encabezado, logrando el acceso a recursos no autorizados."
}
],
"id": "CVE-2019-9900",
"lastModified": "2024-11-21T04:52:32.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.7,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-25T15:29:01.497",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0741"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/issues/6434"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x74r-f4mw-c32h"
},
{
"source": "cve@mitre.org",
"url": "https://groups.google.com/forum/#%21topic/envoy-announce/VoHfnDqZiAM"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/issues/6434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x74r-f4mw-c32h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21topic/envoy-announce/VoHfnDqZiAM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-01 14:15
Modified
2024-11-21 04:59
Severity ?
Summary
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/envoyproxy/envoy-setec/issues/80 | Broken Link | |
| cve@mitre.org | https://github.com/envoyproxy/envoy/security/advisories/GHSA-pc38-4q6c-85p6 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy-setec/issues/80 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-pc38-4q6c-85p6 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | 1.13.2 | |
| envoyproxy | envoy | 1.14.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8EC70B-A398-42FC-84C1-4892D07787F5",
"versionEndIncluding": "1.12.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6FEA6763-6AEC-4081-A4AD-7C0D9C716AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AC44FC52-B495-46D3-B5FC-2B5B5D214102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames."
},
{
"lang": "es",
"value": "Envoy versiones 1.14.2, 1.13.2, 1.12.4 o anteriores, puede consumir cantidades excesivas de memoria al hacer proxy de peticiones o respuestas HTTP/2 con muchas tramas de datos peque\u00f1os (es decir, 1 byte)"
}
],
"id": "CVE-2020-12603",
"lastModified": "2024-11-21T04:59:54.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-01T14:15:14.340",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/envoyproxy/envoy-setec/issues/80"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-pc38-4q6c-85p6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/envoyproxy/envoy-setec/issues/80"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-pc38-4q6c-85p6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-25 19:15
Modified
2024-11-21 08:09
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a `use-after-free` crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, disable gRPC access log or stop listener update.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-69vr-g55c-v2v4 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-69vr-g55c-v2v4 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "588736F6-2FDC-4CF7-AFFA-7CFE16ED6EC6",
"versionEndExcluding": "1.23.12",
"versionStartIncluding": "1.23.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8412E60-1C2F-4764-94F5-563FAA297466",
"versionEndExcluding": "1.24.10",
"versionStartIncluding": "1.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EC8FEB8-BB13-443C-8905-30B03F8F52E6",
"versionEndExcluding": "1.25.9",
"versionStartIncluding": "1.25.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA35F763-2810-4231-B5A9-93310BF7B765",
"versionEndExcluding": "1.26.4",
"versionStartIncluding": "1.26.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener\u0027s global scope can cause a `use-after-free` crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, disable gRPC access log or stop listener update."
}
],
"id": "CVE-2023-35942",
"lastModified": "2024-11-21T08:09:01.420",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-25T19:15:11.050",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-69vr-g55c-v2v4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-69vr-g55c-v2v4"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-20 00:15
Modified
2024-09-24 19:48
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during the `sendLocalReply()` in http async client, one reason is http async client is duplicating the status code, another one is the destroy of router is called at the destructor of the async stream, while the stream is deferred deleted at first. There will be problems that the stream decoder is destroyed but its reference is called in `router.onDestroy()`, causing segment fault. This will impact ext_authz if the `upgrade` and `connection` header are allowed, and request mirrorring. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-qm74-x36m-555q | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E423BE-4022-47AB-A5D4-B218627517DD",
"versionEndExcluding": "1.28.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E442EF13-A99D-42B9-BC76-AC398C32D132",
"versionEndExcluding": "1.29.9",
"versionStartIncluding": "1.29.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9685C62-CFE4-43C5-B0C2-1C6722FB4F64",
"versionEndExcluding": "1.30.6",
"versionStartIncluding": "1.30.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C765FFC0-2FF7-4318-A347-2AFCAD0E7C74",
"versionEndExcluding": "1.31.2",
"versionStartIncluding": "1.31.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during the `sendLocalReply()` in http async client, one reason is http async client is duplicating the status code, another one is the destroy of router is called at the destructor of the async stream, while the stream is deferred deleted at first. There will be problems that the stream decoder is destroyed but its reference is called in `router.onDestroy()`, causing segment fault. This will impact ext_authz if the `upgrade` and `connection` header are allowed, and request mirrorring. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio/borde/medio de alto rendimiento nativo de la nube. Envoy se bloquear\u00e1 cuando el cliente asincr\u00f3nico http est\u00e9 manejando `sendLocalReply` en alguna circunstancia, por ejemplo, actualizaci\u00f3n de websocket y duplicaci\u00f3n de solicitudes. El cliente asincr\u00f3nico http se bloquear\u00e1 durante `sendLocalReply()` en el cliente asincr\u00f3nico http, una raz\u00f3n es que el cliente asincr\u00f3nico http est\u00e1 duplicando el c\u00f3digo de estado, otra es que la destrucci\u00f3n del enrutador se llama en el destructor de la transmisi\u00f3n asincr\u00f3nica, mientras que la transmisi\u00f3n se elimina diferida al principio. Habr\u00e1 problemas si se destruye el decodificador de transmisi\u00f3n, pero se llama a su referencia en `router.onDestroy()`, lo que provoca una falla de segmento. Esto afectar\u00e1 a ext_authz si se permiten los encabezados `upgrade` y `connection`, y solicitar\u00e1 duplicaci\u00f3n. Este problema se ha solucionado en las versiones 1.31.2, 1.30.6, 1.29.9 y 1.28.7. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2024-45810",
"lastModified": "2024-09-24T19:48:22.993",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-20T00:15:03.153",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-qm74-x36m-555q"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-24 21:15
Modified
2024-11-21 06:07
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Summary
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI '#fragment' element as part of the path element. Envoy is configured with an RBAC filter for authorization or similar mechanism with an explicit case of a final "/admin" path element, or is using a negative assertion with final path element of "/admin". The client sends request to "/app1/admin#foo". In Envoy prior to 1.18.0, or 1.18.0+ configured with path_normalization=false. Envoy treats fragment as a suffix of the query string when present, or as a suffix of the path when query string is absent, so it evaluates the final path element as "/admin#foo" and mismatches with the configured "/admin" path element. In Envoy 1.18.0+ configured with path_normalization=true. Envoy transforms this to /app1/admin%23foo and mismatches with the configured /admin prefix. The resulting URI is sent to the next server-agent with the offending "#foo" fragment which violates RFC3986 or with the nonsensical "%23foo" text appended. A specifically constructed request with URI containing '#fragment' element delivered by an untrusted client in the presence of path based request authorization resulting in escalation of Privileges when path based request authorization extensions. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes that removes fragment from URI path in incoming requests.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9 | Third Party Advisory | |
| security-advisories@github.com | https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | 1.19.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC3BF7F-5B28-4765-8C6F-E2437A4B425D",
"versionEndExcluding": "1.16.5",
"versionStartIncluding": "1.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83547329-1394-417F-93DB-70C1A9D173B0",
"versionEndExcluding": "1.17.4",
"versionStartIncluding": "1.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7376E28-9915-4CA1-A5DB-40874D10E781",
"versionEndExcluding": "1.18.4",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:1.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1968AA35-60E2-4A00-84A0-617738B55D33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI \u0027#fragment\u0027 element as part of the path element. Envoy is configured with an RBAC filter for authorization or similar mechanism with an explicit case of a final \"/admin\" path element, or is using a negative assertion with final path element of \"/admin\". The client sends request to \"/app1/admin#foo\". In Envoy prior to 1.18.0, or 1.18.0+ configured with path_normalization=false. Envoy treats fragment as a suffix of the query string when present, or as a suffix of the path when query string is absent, so it evaluates the final path element as \"/admin#foo\" and mismatches with the configured \"/admin\" path element. In Envoy 1.18.0+ configured with path_normalization=true. Envoy transforms this to /app1/admin%23foo and mismatches with the configured /admin prefix. The resulting URI is sent to the next server-agent with the offending \"#foo\" fragment which violates RFC3986 or with the nonsensical \"%23foo\" text appended. A specifically constructed request with URI containing \u0027#fragment\u0027 element delivered by an untrusted client in the presence of path based request authorization resulting in escalation of Privileges when path based request authorization extensions. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes that removes fragment from URI path in incoming requests."
},
{
"lang": "es",
"value": "Envoy es un proxy L7 de c\u00f3digo abierto y un bus de comunicaci\u00f3n dise\u00f1ado para grandes arquitecturas modernas orientadas a servicios. En las versiones afectadas, Envoy manejaba inapropiadamente un elemento URI \"#fragment\" como parte del elemento path. Envoy est\u00e1 configurado con un filtro RBAC para la autorizaci\u00f3n o un mecanismo similar con un caso expl\u00edcito de un elemento de ruta final \"/admin\", o est\u00e1 usando una aserci\u00f3n negativa con un elemento de ruta final de \"/admin\". El cliente env\u00eda la petici\u00f3n a \"/app1/admin#foo\". En Envoy versiones anteriores a 1.18.0, o 1.18.0+ configurado con path_normalization=false. Envoy trata el fragmento como un sufijo de la cadena de consulta cuando est\u00e1 presente, o como un sufijo de la ruta cuando la cadena de consulta est\u00e1 ausente, por lo que eval\u00faa el elemento final de la ruta como \"/admin#foo\" y no coincide con el elemento configurado de la ruta \"/admin\". En Envoy 1.18.0+ configurado con path_normalization=true. Envoy transforma esto en /app1/admin%23foo y no coincide con el prefijo /admin configurado. El URI resultante es enviado al siguiente agente-servidor con el fragmento \"#foo\" que viola la RFC3986 o con el texto sin sentido \"%23foo\" a\u00f1adido. Una petici\u00f3n espec\u00edficamente construida con un URI que contiene el elemento \"#fragment\" entregado por un cliente no confiable en presencia de una autorizaci\u00f3n de petici\u00f3n basada en la ruta de acceso, resultando en una escalada de Privilegios cuando las extensiones de autorizaci\u00f3n de peticiones son basadas en la ruta de acceso. Envoy versiones 1.19.1, 1.18.4, 1.17.4 y 1.16.5, contienen correcciones que eliminan el fragmento de la ruta URI en las peticiones entrantes."
}
],
"id": "CVE-2021-32779",
"lastModified": "2024-11-21T06:07:43.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-24T21:15:09.823",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-551"
},
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-25 18:15
Modified
2024-11-21 08:09
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "588736F6-2FDC-4CF7-AFFA-7CFE16ED6EC6",
"versionEndExcluding": "1.23.12",
"versionStartIncluding": "1.23.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8412E60-1C2F-4764-94F5-563FAA297466",
"versionEndExcluding": "1.24.10",
"versionStartIncluding": "1.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EC8FEB8-BB13-443C-8905-30B03F8F52E6",
"versionEndExcluding": "1.25.9",
"versionStartIncluding": "1.25.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA35F763-2810-4231-B5A9-93310BF7B765",
"versionEndExcluding": "1.26.4",
"versionStartIncluding": "1.26.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter\u0027s check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host\u0027s domain configuration."
}
],
"id": "CVE-2023-35941",
"lastModified": "2024-11-21T08:09:01.300",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-25T18:15:10.993",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-22 23:15
Modified
2024-11-21 06:29
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling <envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config>` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * | |
| envoyproxy | envoy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EFC93D0-C206-417C-81D0-F18145E3D768",
"versionEndExcluding": "1.18.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2812AC62-44B5-4077-862D-A221CD88981D",
"versionEndExcluding": "1.19.3",
"versionStartIncluding": "1.19.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5441B2D-F807-4ED9-AFB9-ED4DE07CE5F8",
"versionEndExcluding": "1.20.2",
"versionStartIncluding": "1.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83895D03-DAD1-4893-8A1C-F9143DEEC172",
"versionEndExcluding": "1.21.1",
"versionStartIncluding": "1.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling \u003cenvoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config\u003e` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade."
},
{
"lang": "es",
"value": "Envoy es un proxy de borde y servicio de c\u00f3digo abierto, dise\u00f1ado para aplicaciones nativas de la nube. En las versiones afectadas de Envoy se produce un bloqueo cuando es configurada para :ref:\"upstream tunneling (envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config)\" y la conexi\u00f3n de bajada es desconectada mientras sigue estableciendo la conexi\u00f3n de subida o el flujo http/2. No se presentan medidas de mitigaci\u00f3n para este problema. Es recomendado a usuarios actualizar"
}
],
"id": "CVE-2021-43826",
"lastModified": "2024-11-21T06:29:52.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-22T23:15:10.957",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}