
CVE-2024-23325 – Envoy crashes when using an address type that isn’t supported by the OS
https://notcve.org/view.php?id=CVE-2024-23325
09 Feb 2024 — Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in releases 1.29.1, 1.28.1, 1.... • https://github.com/envoyproxy/envoy/commit/bacd3107455b8d387889467725eb72aa0d5b5237 • CWE-248: Uncaught Exception CWE-755: Improper Handling of Exceptional Conditions •

CVE-2024-23327 – Crash in proxy protocol when command type of LOCAL in Envoy
https://notcve.org/view.php?id=CVE-2024-23327
09 Feb 2024 — Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. • https://github.com/envoyproxy/envoy/commit/63895ea8e3cca9c5d3ab4c5c128ed1369969d54a • CWE-476: NULL Pointer Dereference •

CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •

CVE-2023-35944 – Envoy vulnerable to incorrect handling of HTTP requests and responses with mixed case schemes
https://notcve.org/view.php?id=CVE-2023-35944
25 Jul 2023 — Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, this can lead to the rejection of requests with mixed-case schemes such as `htTp` or `htTps`, or the bypassing of some requests such as `https` in unencrypted connections. With a fix in versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, Envoy will now lower... • https://github.com/envoyproxy/envoy/security/advisories/GHSA-pvgm-7jpg-pw5g • CWE-20: Improper Input Validation CWE-178: Improper Handling of Case Sensitivity CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVE-2023-35943 – Envoy vulnerable to CORS filter segfault when origin header is removed
https://notcve.org/view.php?id=CVE-2023-35943
25 Jul 2023 — Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted between `decodeHeaders` and `encodeHeaders`. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, do not remove the `origin` header in the Envoy configuration. A flaw was found in Envoy. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-mc6h-6j9x-v3gq • CWE-416: Use After Free •

CVE-2023-35942 – Envoy's gRPC access log crash caused by the listener draining
https://notcve.org/view.php?id=CVE-2023-35942
25 Jul 2023 — Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a `use-after-free` crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, disable gRPC access log or stop listener update. A flaw was found in Envoy, where gRPC access loggers using the listener's global scope can cause a ... • https://github.com/envoyproxy/envoy/security/advisories/GHSA-69vr-g55c-v2v4 • CWE-416: Use After Free •

CVE-2023-35941 – Envoy vulnerable to OAuth2 credentials exploit with permanent validity
https://notcve.org/view.php?id=CVE-2023-35941
25 Jul 2023 — Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by some rare scenarios in which the HMAC payload can always be valid in the OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the ho... • https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55 • CWE-116: Improper Encoding or Escaping of Output CWE-303: Incorrect Implementation of Authentication Algorithm •

CVE-2023-35945 – Envoy vulnerable to HTTP/2 memory leak in nghttp2 codec
https://notcve.org/view.php?id=CVE-2023-35945
13 Jul 2023 — Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if the connection is already marked for not sending more requests due to `GOAWAY` fram... • https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r • CWE-400: Uncontrolled Resource Consumption CWE-459: Incomplete Cleanup •

CVE-2023-27496 – Envoy may crash when a redirect url without a state param is received in the oauth filter
https://notcve.org/view.php?id=CVE-2023-27496
04 Apr 2023 — Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a `state` query param is present on any response that looks like an OAuth redirect response. Sending it a request with the URI path equivalent to the redirect path, without the `state` parameter, will lead to abnormal termination of Envoy process. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. The issue can al... • https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5 • CWE-20: Improper Input Validation •

CVE-2023-27493 – Envoy doesn't escape HTTP header values
https://notcve.org/view.php?id=CVE-2023-27493
04 Apr 2023 — Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal in header values being sent to the upstream service. In the worst case, it can cause the upstream service to interpret the original request as two pipelined requests, possibly bypassing the intent of Envoy’s security policy. Versions 1.... • https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q • CWE-20: Improper Input Validation CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •