Envoy

by Envoyproxy

CVEs (95)

  • CVE-2025-55162 (Sep 3, 2025)
    risk 0.00 | cvss | epss 0.00

    Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In versions below 1.32.10 and 1.33.0 through 1.33.6, 1.34.0 through 1.34.4 and 1.35.0, insufficient Session Expiration in the Envoy OAuth2 filter leads to failed…

  • CVE-2025-54588 (Sep 2, 2025)
    risk 0.00 | cvss | epss 0.00

    Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Versions 1.34.0 through 1.34.4 and 1.35.0 contain a use-after-free (UAF) vulnerability in the DNS cache, causing abnormal process termination. The vulnerability is in…

  • CVE-2025-46821 (May 7, 2025)
    risk 0.00 | cvss | epss 0.00

    Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the `*` character from the set of valid characters in the URI path. As a result, a URI path containing the `*` character will not…

  • CVE-2025-30157 (Mar 21, 2025)
    risk 0.00 | cvss | epss 0.00

    Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server, due to a lifetime issue in the filter. A known situation is the…

  • CVE-2024-53271 (Dec 18, 2024)
    risk 0.00 | cvss | epss 0.01

    Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions Envoy does not properly handle HTTP/1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users…

  • CVE-2024-53270 (Dec 18, 2024)
    risk 0.00 | cvss | epss 0.01

    Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverloadError` is going to assume the active request exists when `envoy.load_shed_points.http1_server_abort_dispatch` is configured. If `active_request` is nullptr, only…

  • CVE-2024-53269 (Dec 18, 2024)
    risk 0.00 | cvss | epss 0.01

    Envoy is a cloud-native high-performance edge/middle/service proxy. When additional addresses are not IP addresses, the Happy Eyeballs sorting algorithm will crash in the data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to…

  • CVE-2024-45806 (Sep 19, 2024)
    risk 0.00 | cvss | epss 0.00

    Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's…

  • CVE-2024-45807 (Sep 19, 2024)
    risk 0.00 | cvss | epss 0.01

    Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the `oghttp2` by default. The impact of this…

  • CVE-2024-45808 (Sep 19, 2024)
    risk 0.00 | cvss | epss 0.00

    Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME`…

  • CVE-2024-45809 (Sep 19, 2024)
    risk 0.00 | cvss | epss 0.00

    Envoy is a cloud-native high-performance edge/middle/service proxy. The JWT filter will cause an Envoy crash when clearing the route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clear_route_cache is enabled on the…

  • CVE-2024-45810 (Sep 19, 2024)
    risk 0.00 | cvss | epss 0.01

    Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the HTTP async client is handling `sendLocalReply` under some circumstances, e.g., WebSocket upgrade and request mirroring. The HTTP async client will crash during the `sendLocalReply()`…

  • CVE-2024-39305 (Jul 1, 2024)
    risk 0.00 | cvss | epss 0.01

    Envoy is a cloud-native, open source edge and service proxy. Prior to versions 1.30.4, 1.29.7, 1.28.5, and 1.27.7, Envoy references already freed memory when a route hash policy is configured with cookie attributes. Note that this vulnerability has been fixed in the open as the…

  • CVE-2024-32974 (Jun 4, 2024)
    risk 0.00 | cvss | epss 0.01

    Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with the following call stack. It is a use-after-free caused by QUICHE continuing to push request headers after `StopReading()` has been called on the…

  • CVE-2024-32975 (Jun 4, 2024)
    risk 0.00 | cvss | epss 0.01

    Envoy is a cloud-native, open source edge and service proxy. There is a crash at `QuicheDataReader::PeekVarInt62Length()`. It is caused by integer underflow in the `QuicStreamSequencerBuffer::PeekRegion()` implementation.

  • CVE-2024-32976 (Jun 4, 2024)
    risk 0.00 | cvss | epss 0.01

    Envoy is a cloud-native, open source edge and service proxy. Envoy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input.

  • CVE-2024-34362 (Jun 4, 2024)
    risk 0.00 | cvss | epss 0.01

    Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in `HttpConnectionManager` (HCM) with `EnvoyQuicServerStream` that can crash Envoy. An attacker can exploit this vulnerability by sending a request without `FIN`, then a `RESET_STREAM` frame,…

  • CVE-2024-34363 (Jun 4, 2024)
    risk 0.00 | cvss | epss 0.01

    Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash.

  • CVE-2024-34364 (Jun 4, 2024)
    risk 0.00 | cvss | epss 0.00

    Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since the async HTTP client buffers the response in an unbounded buffer.

  • CVE-2024-23326 (Jun 4, 2024)
    risk 0.00 | cvss | epss 0.00

    Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101…

Page 2 of 5