Page 4 of 16 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. • https://github.com/envoyproxy/envoy/commit/63895ea8e3cca9c5d3ab4c5c128ed1369969d54a https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j • CWE-476: NULL Pointer Dereference •