CVE-2021-43824

Null pointer dereference in envoy

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CONNECT request is sent to JWT filter configured with regex match. This provides a denial of service attack vector. The only workaround is to not use regex in the JWT filter. Users are advised to upgrade.

Envoy es un proxy de borde y servicio de código abierto, diseñado para aplicaciones nativas de la nube. En las versiones afectadas, una solicitud crafteada bloquea Envoy cuando se envía una solicitud CONNECT al filtro JWT configurado con coincidencia regex. Esto proporciona un vector de ataque de denegación de servicio. La única medida de mitigación es no utilizar regex en el filtro JWT. Se aconseja a los usuarios que actualicen

A flaw was found in envoy. A crafted request can potentially trigger a NULL pointer dereference when using a WT filter safe_regex match.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-11-16 CVE Reserved
2022-02-22 CVE Published
2024-08-04 CVE Updated
2024-11-07 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (4)

URL	Tag	Source
https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p	Issue Tracking

URL	Date	SRC

URL	Date	SRC
https://github.com/envoyproxy/envoy/commit/9371333230b1a6e1be2eccf4868771e11af6253a	2022-03-01

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2021-43824	2022-04-07
https://bugzilla.redhat.com/show_bug.cgi?id=2050744	2022-04-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Envoyproxy Search vendor "Envoyproxy"		Envoy Search vendor "Envoyproxy" for product "Envoy"				< 1.18.6 Search vendor "Envoyproxy" for product "Envoy" and version " < 1.18.6"		-		Affected
Envoyproxy Search vendor "Envoyproxy"		Envoy Search vendor "Envoyproxy" for product "Envoy"				>= 1.19.0 < 1.19.3 Search vendor "Envoyproxy" for product "Envoy" and version " >= 1.19.0 < 1.19.3"		-		Affected
Envoyproxy Search vendor "Envoyproxy"		Envoy Search vendor "Envoyproxy" for product "Envoy"				>= 1.20.0 < 1.20.2 Search vendor "Envoyproxy" for product "Envoy" and version " >= 1.20.0 < 1.20.2"		-		Affected
Envoyproxy Search vendor "Envoyproxy"		Envoy Search vendor "Envoyproxy" for product "Envoy"				>= 1.21.0 < 1.21.1 Search vendor "Envoyproxy" for product "Envoy" and version " >= 1.21.0 < 1.21.1"		-		Affected