Envoy
by Envoyproxy
Source repositories
CVEs (95)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-29225 | Envoyproxy / Envoy | | 0.00 | — | 0.01 | | Jun 9, 2022 | Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 decompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small… |
| CVE-2022-29224 | Envoyproxy / Envoy | | 0.00 | — | 0.01 | | Jun 9, 2022 | Envoy is a cloud-native high-performance proxy. Versions of Envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can "hold"… |
| CVE-2021-43826 | Envoyproxy / Envoy | | 0.00 | — | 0.01 | | Feb 22, 2022 | Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for upstream tunneling (`envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config`) and the… |
| CVE-2021-43825 | Envoyproxy / Envoy | | 0.00 | — | 0.01 | | Feb 22, 2022 | Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the… |
| CVE-2022-21655 | Envoyproxy / Envoy | | 0.00 | — | 0.01 | | Feb 22, 2022 | Envoy is an open source edge and service proxy, designed for cloud-native applications. The Envoy common router will segfault if an internal redirect selects a route configured with direct response or redirect actions. This will result in a denial of service. As a workaround… |
| CVE-2022-21654 | Envoyproxy / Envoy | | 0.00 | — | 0.01 | | Feb 22, 2022 | Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's TLS allows session re-use when some certificate validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default TLS settings are used.… |
| CVE-2022-21657 | Envoyproxy / Envoy | | 0.00 | — | 0.01 | | Feb 22, 2022 | Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary… |
| CVE-2022-21656 | Envoyproxy / Envoy | | 0.00 | — | 0.01 | | Feb 22, 2022 | Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for… |
| CVE-2022-23606 | Envoyproxy / Envoy | | 0.00 | — | 0.01 | | Feb 22, 2022 | Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS) all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of… |
| CVE-2021-43824 | Envoyproxy / Envoy | | 0.00 | — | 0.01 | | Feb 22, 2022 | Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CONNECT request is sent to the JWT filter configured with regex match. This provides a denial of service attack vector. The only… |
| CVE-2021-32780 | Envoyproxy / Envoy | | 0.00 | — | 0.01 | | Aug 24, 2021 | Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions an H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is… |
| CVE-2021-32781 | Envoyproxy / Envoy | | 0.00 | — | 0.01 | | Aug 24, 2021 | Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions, after Envoy sends a locally generated response it must stop further processing of request or response data. However, when the local response is… |
| CVE-2021-32779 | Envoyproxy / Envoy | | 0.00 | — | 0.01 | | Aug 24, 2021 | Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy incorrectly handled a URI '#fragment' element as part of the path element. Envoy is configured with an RBAC filter for authorization or… |
| CVE-2021-32778 | Envoyproxy / Envoy | | 0.00 | — | 0.01 | | Aug 24, 2021 | Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy's procedure for resetting an HTTP/2 stream has O(N^2) complexity, leading to high CPU utilization when a large number of streams are… |
| CVE-2021-32777 | Envoyproxy / Envoy | | 0.00 | — | 0.03 | | Aug 24, 2021 | Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions, when the ext-authz extension is sending request headers to the external authorization service it must merge multiple value headers according to the… |
| CVE-2021-29258 | Envoyproxy / Envoy | | 0.00 | — | 0.02 | | May 20, 2021 | An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP/2 Metadata, because an empty METADATA map triggers a Reachable Assertion. |
| CVE-2021-28683 | Envoyproxy / Envoy | | 0.00 | — | 0.02 | | May 20, 2021 | An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received. |
| CVE-2021-28682 | Envoyproxy / Envoy | | 0.00 | — | 0.02 | | May 20, 2021 | An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations. |
| CVE-2021-21378 | Envoyproxy / Envoy | | 0.00 | — | 0.02 | | Mar 11, 2021 | Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy's JWT Authentication filter is configured with the… |
| CVE-2020-25017 | Envoyproxy / Envoy | | 0.00 | — | 0.01 | | Oct 1, 2020 | Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy's setCopy() header map API does not replace all existing occurrences of a non-inline header. |
Page 4 of 5