CVE-2022-29227
Use after free in Envoy
- Severity Score:
- Exploit Likelihood:
- Affected Versions:
- Public Exploits: 0
- Exploited in Wild: -
- Decision: -
Descriptions
Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1, if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers (that is, a request that also carries a body), there is a lifetime bug which can be triggered. If, while replaying the request, Envoy sends a local reply when the redirect headers are processed, the downstream state indicates that the downstream stream is not complete. On sending the local reply, Envoy will attempt to reset the upstream stream, but as it is actually complete, and deleted, this results in a use-after-free. Users are advised to upgrade. Users unable to upgrade are advised to disable internal redirects if crashes are observed.
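The advisory's fallback for users who cannot upgrade is to disable internal redirects. As an added illustration (not from the advisory or the Envoy project), the two YAML documents below show the same RDS route first with internal redirects opted in and then with that opt-in removed; the names `app_routes`, `app` and `app_backend` are placeholders.

```yaml
# Added example, not from the advisory or the Envoy project. Two YAML
# documents: the same route before and after the suggested mitigation.
# Route, virtual host and cluster names are placeholders.
#
# Exposed configuration: internal_redirect_policy opts this route in to
# handling 3xx responses from the upstream as internal redirects, which
# is the code path the advisory's lifetime bug sits on (Envoy < 1.22.1).
name: app_routes
virtual_hosts:
- name: app
  domains: ["*"]
  routes:
  - match: { prefix: "/" }
    route:
      cluster: app_backend
      internal_redirect_policy:
        max_internal_redirects: 3
        redirect_response_codes: [302]
---
# Mitigated configuration: the policy block is removed. Internal redirects
# are off unless this policy is present, so Envoy returns the 3xx to the
# client instead of replaying the request internally.
name: app_routes
virtual_hosts:
- name: app
  domains: ["*"]
  routes:
  - match: { prefix: "/" }
    route:
      cluster: app_backend
```

Removing the policy changes client-visible behaviour (the redirect is now followed by the client), so confirm no application relies on the proxy-side follow before rolling this out.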
CVSS Scores
SSVC
- Decision: -
Timeline
- 2022-04-13 CVE Reserved
- 2022-06-09 CVE Published
- 2023-12-31 EPSS Updated
- 2024-08-03 CVE Updated
- Exploited in Wild: -
- KEV Due Date: -
- First Exploit: -
CWE
- CWE-416: Use After Free
CAPEC
References (2)
URL | Tag | Source
---|---|---
https://github.com/envoyproxy/envoy/security/advisories/GHSA-rm2p-qvf6-pvr6 | Third Party Advisory |

URL | Date | SRC
---|---|---
https://github.com/envoyproxy/envoy/commit/fe7c69c248f4fe5a9080c7ccb35275b5218bb5ab | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Envoyproxy | Envoy | < 1.22.1 | - | Affected