CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-30157 – Envoy crashes when HTTP ext_proc processes local replies
https://notcve.org/view.php?id=CVE-2025-30157
21 Mar 2025 — Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the failure of a websocket handshake will trigger a local reply leading to the crash of Envoy. This vulnerability is fixed in 1.33.1, 1.32.4, 1.31.6, and 1.30.10. • https://github.com/envoyproxy/envoy/commit/8eda1b8ef5ba8663d16a737ab99458c039a9b53c • CWE-460: Improper Cleanup on Thrown Exception •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53271 – HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset in envoy
https://notcve.org/view.php?id=CVE-2024-53271
18 Dec 2024 — Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to upgrade. • https://github.com/envoyproxy/envoy/commit/da56f6da63079baecef9183436ee5f4141a59af8 • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53270 – HTTP/1: sending overload crashes when the request is reset beforehand in envoy
https://notcve.org/view.php?id=CVE-2024-53270
18 Dec 2024 — Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverloadError` is going to assume the active request exists when `envoy.load_shed_points.http1_server_abort_dispatch` is configured. If `active_request` is nullptr, only onMessageBeginImpl() is called. However, the `onMessageBeginImpl` will directly return ok status if the stream is already reset leading to the nullptr reference. The downstream reset can actually happen during the H/2 upstream reset. • https://github.com/envoyproxy/envoy/pull/37743/commits/6cf8afda956ba67c9afad185b962325a5242ef02 • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53269 – Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting in envoy
https://notcve.org/view.php?id=CVE-2024-53269
18 Dec 2024 — Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP configuration. • https://github.com/envoyproxy/envoy/pull/37743/commits/3f62168d86aceb90f743f63b50cc711710b1c401 • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-32475 – Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes
https://notcve.org/view.php?id=CVE-2024-32475
18 Apr 2024 — Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 2... • https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382 • CWE-253: Incorrect Check of Function Return Value CWE-617: Reachable Assertion •