CVE-2021-43825

Use-after-free in Envoy

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However when the buffer overflows while response is processed by the filter chain the operation may not be aborted correctly and result in accessing a freed memory block. If this happens Envoy will crash resulting in a denial of service.

Envoy es un proxy de borde y servicio de código abierto, diseñado para aplicaciones nativas de la nube. El envío de una respuesta generada localmente debe detener el procesamiento posterior de los datos de petición o respuesta. Envoy realiza un seguimiento de la cantidad de datos de petición y respuesta almacenados en el búfer y aborta la petición si la cantidad de datos almacenados en el búfer supera el límite enviando 413 o 500 respuestas. Sin embargo, cuando el búfer es desbordado mientras la respuesta es procesada por la cadena de filtros, es posible que la operación no sea abortada correctamente y que sea accedido a un bloque de memoria liberado. Si esto ocurre, Envoy será bloqueado resultando en una denegación de servicio

A flaw was found in envoy. If the amount of buffered data by envoy goes over the limit, the buffer may overflow while a response is being processed by the filter chain. This issue possibly causes the operation to abort incorrectly, resulting in the access of a freed memory block.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-11-16 CVE Reserved
2022-02-22 CVE Published
2024-08-04 CVE Updated
2024-11-07 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-416: Use After Free

CAPEC

References (4)

URL	Tag	Source
https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh	Issue Tracking

URL	Date	SRC

URL	Date	SRC
https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136	2022-03-02

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2021-43825	2022-04-07
https://bugzilla.redhat.com/show_bug.cgi?id=2050746	2022-04-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Envoyproxy Search vendor "Envoyproxy"		Envoy Search vendor "Envoyproxy" for product "Envoy"				< 1.18.6 Search vendor "Envoyproxy" for product "Envoy" and version " < 1.18.6"		-		Affected
Envoyproxy Search vendor "Envoyproxy"		Envoy Search vendor "Envoyproxy" for product "Envoy"				>= 1.19.0 < 1.19.3 Search vendor "Envoyproxy" for product "Envoy" and version " >= 1.19.0 < 1.19.3"		-		Affected
Envoyproxy Search vendor "Envoyproxy"		Envoy Search vendor "Envoyproxy" for product "Envoy"				>= 1.20.0 < 1.20.2 Search vendor "Envoyproxy" for product "Envoy" and version " >= 1.20.0 < 1.20.2"		-		Affected
Envoyproxy Search vendor "Envoyproxy"		Envoy Search vendor "Envoyproxy" for product "Envoy"				>= 1.21.0 < 1.21.1 Search vendor "Envoyproxy" for product "Envoy" and version " >= 1.21.0 < 1.21.1"		-		Affected