CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 1CVE-2023-35944 – Envoy vulnerable to incorrect handling of HTTP requests and responses with mixed case schemes
https://notcve.org/view.php?id=CVE-2023-35944
25 Jul 2023 — Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, this can lead to the rejection of requests with mixed-case schemes such as `htTp` or `htTps`, or the bypassing of some requests such as `https` in unencrypted connections. With a fix in versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, Envoy will now lower... • https://github.com/envoyproxy/envoy/security/advisories/GHSA-pvgm-7jpg-pw5g • CWE-20: Improper Input Validation CWE-178: Improper Handling of Case Sensitivity CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-35943 – Envoy vulnerable to CORS filter segfault when origin header is removed
https://notcve.org/view.php?id=CVE-2023-35943
25 Jul 2023 — Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted between `decodeHeaders`and `encodeHeaders`. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, do not remove the `origin` header in the Envoy configuration. A flaw was found in Envoy. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-mc6h-6j9x-v3gq • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-35942 – Envoy's gRPC access log crash caused by the listener draining
https://notcve.org/view.php?id=CVE-2023-35942
25 Jul 2023 — Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a `use-after-free` crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, disable gRPC access log or stop listener update. A flaw was found in Envoy, where gRPC access loggers using the listener's global scope can cause a ... • https://github.com/envoyproxy/envoy/security/advisories/GHSA-69vr-g55c-v2v4 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-35941 – Envoy vulnerable to OAuth2 credentials exploit with permanent validity
https://notcve.org/view.php?id=CVE-2023-35941
25 Jul 2023 — Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the ho... • https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55 • CWE-116: Improper Encoding or Escaping of Output CWE-303: Incorrect Implementation of Authentication Algorithm •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-35945 – Envoy vulnerable to HTTP/2 memory leak in nghttp2 codec
https://notcve.org/view.php?id=CVE-2023-35945
13 Jul 2023 — Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` fram... • https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r • CWE-400: Uncontrolled Resource Consumption CWE-459: Incomplete Cleanup •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-27496 – Envoy may crash when a redirect url without a state param is received in the oauth filter
https://notcve.org/view.php?id=CVE-2023-27496
04 Apr 2023 — Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a `state` query param is present on any response that looks like an OAuth redirect response. Sending it a request with the URI path equivalent to the redirect path, without the `state` parameter, will lead to abnormal termination of Envoy process. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. The issue can al... • https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5 • CWE-20: Improper Input Validation •
CVSS: 9.4EPSS: 0%CPEs: 4EXPL: 1CVE-2023-27493 – Envoy doesn't escape HTTP header values
https://notcve.org/view.php?id=CVE-2023-27493
04 Apr 2023 — Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal in header values to be sent to the upstream service. In the worst case, it can cause upstream service to interpret the original request as two pipelined requests, possibly bypassing the intent of Envoy’s security policy. Versions 1.... • https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q • CWE-20: Improper Input Validation CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-27492 – Envoy may crash when a large request body is processed in Lua filter
https://notcve.org/view.php?id=CVE-2023-27492
04 Apr 2023 — Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled and trigger crashes. As of versions versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy no longer invokes the Lua coroutine if the filter has been reset. As a workaround for those whose Lua filter is buffering all requests/ r... • https://github.com/envoyproxy/envoy/security/advisories/GHSA-wpc2-2jp6-ppg2 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.4EPSS: 0%CPEs: 4EXPL: 1CVE-2023-27491 – Envoy forwards invalid Http2/Http3 downstream headers
https://notcve.org/view.php?id=CVE-2023-27491
04 Apr 2023 — Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed requests, potentially leading to a bypass of security policies. This issue is fixed in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9. A flaw was found in Envoy that may allow attackers to send specially crafted HTTP/... • https://datatracker.ietf.org/doc/html/rfc9113#section-8.3 • CWE-20: Improper Input Validation CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •