CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-30157 – Envoy crashes when HTTP ext_proc processes local replies
https://notcve.org/view.php?id=CVE-2025-30157
21 Mar 2025 — Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the failure of a websocket handshake will trigger a local reply leading to the crash of Envoy. This vulnerability is fixed in 1.33.1, 1.32.4, 1.31.6, and 1.30.10. • https://github.com/envoyproxy/envoy/commit/8eda1b8ef5ba8663d16a737ab99458c039a9b53c • CWE-460: Improper Cleanup on Thrown Exception •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-32475 – Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes
https://notcve.org/view.php?id=CVE-2024-32475
18 Apr 2024 — Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 2... • https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382 • CWE-253: Incorrect Check of Function Return Value CWE-617: Reachable Assertion •