CVE-2021-43825

Use-after-free in Envoy

  • Severity Score: 7.5 (CVSS v3.1)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However, when the buffer overflows while the response is processed by the filter chain, the operation may not be aborted correctly and may result in accessing a freed memory block. If this happens, Envoy will crash, resulting in a denial of service.

A flaw was found in envoy. If the amount of buffered data by envoy goes over the limit, the buffer may overflow while a response is being processed by the filter chain. This issue possibly causes the operation to abort incorrectly, resulting in the access of a freed memory block.

*Credits: N/A
CVSS Scores

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality: None
  • Integrity: Low
  • Availability: Low

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Partial

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-11-16 CVE Reserved
  • 2022-02-22 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-11-07 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-416: Use After Free
CAPEC
Affected Vendors, Products, and Versions
Vendor      Product  Version             Other  Status
Envoyproxy  Envoy    < 1.18.6            -      Affected
Envoyproxy  Envoy    >= 1.19.0 < 1.19.3  -      Affected
Envoyproxy  Envoy    >= 1.20.0 < 1.20.2  -      Affected
Envoyproxy  Envoy    >= 1.21.0 < 1.21.1  -      Affected