CVE-2021-43825
Use-after-free in Envoy
Public Exploits: 0
Exploited in Wild: -
Descriptions
Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However, when the buffer overflows while the response is being processed by the filter chain, the operation may not be aborted correctly, which can result in access to a freed memory block. If this happens, Envoy will crash, resulting in a denial of service.
A flaw was found in Envoy. If the amount of data buffered by Envoy goes over the limit, the buffer may overflow while a response is being processed by the filter chain. This issue possibly causes the operation to abort incorrectly, resulting in the access of a freed memory block.
Timeline
- 2021-11-16 CVE Reserved
- 2022-02-22 CVE Published
- 2024-08-04 CVE Updated
- 2024-11-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
References (4)
URL | Tag | Source |
---|---|---|
https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh | Issue Tracking | |

URL | Date | SRC |
---|---|---|
https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136 | 2022-03-02 | |
https://access.redhat.com/security/cve/CVE-2021-43825 | 2022-04-07 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2050746 | 2022-04-07 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Envoyproxy | Envoy | < 1.18.6 | - | Affected |
Envoyproxy | Envoy | >= 1.19.0 < 1.19.3 | - | Affected |
Envoyproxy | Envoy | >= 1.20.0 < 1.20.2 | - | Affected |
Envoyproxy | Envoy | >= 1.21.0 < 1.21.1 | - | Affected |