VYPR

Vendor CVEs

Envoyproxy

All CVEs

98 total · sorted by risk
  • CVE-2023-35943Jul 25, 2023
    risk 0.00cvss epss 0.01

    Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted between `decodeHeaders`and…

  • CVE-2023-35942Jul 25, 2023
    risk 0.00cvss epss 0.01

    Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a `use-after-free` crash when the listener is drained. Versions…

  • CVE-2023-35941Jul 25, 2023
    risk 0.00cvss epss 0.01

    Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the…

  • CVE-2023-35945Jul 13, 2023
    risk 0.00cvss epss 0.01

    Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests…

  • CVE-2023-27496Apr 4, 2023
    risk 0.00cvss epss 0.01

    Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a `state` query param is present on any response that looks like an OAuth redirect response. Sending…

  • CVE-2023-27493Apr 4, 2023
    risk 0.00cvss epss 0.01

    Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal…

  • CVE-2023-27492Apr 4, 2023
    risk 0.00cvss epss 0.01

    Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled…

  • CVE-2023-27491Apr 4, 2023
    risk 0.00cvss epss 0.01

    Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow…

  • CVE-2023-27488Apr 4, 2023
    risk 0.00cvss epss 0.01

    Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when `failure_mode_allow: true` is configured for `ext_authz` filter. For affected components…

  • CVE-2023-27487Apr 4, 2023
    risk 0.00cvss epss 0.01

    Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header `x-envoy-original-path` should be an…

  • CVE-2022-29227Jun 9, 2022
    risk 0.00cvss epss 0.01

    Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request…

  • CVE-2022-29226Jun 9, 2022
    risk 0.00cvss epss 0.01

    Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be triggered. However, the…

  • CVE-2022-29228Jun 9, 2022
    risk 0.00cvss epss 0.01

    Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions.…

  • CVE-2022-29225Jun 9, 2022
    risk 0.00cvss epss 0.01

    Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 secompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small…

  • CVE-2022-29224Jun 9, 2022
    risk 0.00cvss epss 0.01

    Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold”…

  • CVE-2021-43826Feb 22, 2022
    risk 0.00cvss epss 0.01

    Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling <envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config>` and the…

  • CVE-2021-43825Feb 22, 2022
    risk 0.00cvss epss 0.01

    Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the…

  • CVE-2022-21655Feb 22, 2022
    risk 0.00cvss epss 0.01

    Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy common router will segfault if an internal redirect selects a route configured with direct response or redirect actions. This will result in a denial of service. As a workaround…

  • CVE-2022-21654Feb 22, 2022
    risk 0.00cvss epss 0.01

    Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's tls allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default tls settings are used.…

  • CVE-2022-21657Feb 22, 2022
    risk 0.00cvss epss 0.01

    Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary…

  • CVE-2022-21656Feb 22, 2022
    risk 0.00cvss epss 0.01

    Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for…

  • CVE-2022-23606Feb 22, 2022
    risk 0.00cvss epss 0.01

    Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS) all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of…

  • CVE-2021-43824Feb 22, 2022
    risk 0.00cvss epss 0.01

    Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CONNECT request is sent to JWT filter configured with regex match. This provides a denial of service attack vector. The only…

  • CVE-2021-32780Aug 24, 2021
    risk 0.00cvss epss 0.01

    Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is…

  • CVE-2021-32781Aug 24, 2021
    risk 0.00cvss epss 0.01

    Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is…

  • CVE-2021-32779Aug 24, 2021
    risk 0.00cvss epss 0.01

    Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI '#fragment' element as part of the path element. Envoy is configured with an RBAC filter for authorization or…

  • CVE-2021-32778Aug 24, 2021
    risk 0.00cvss epss 0.01

    Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy’s procedure for resetting a HTTP/2 stream has O(N^2) complexity, leading to high CPU utilization when a large number of streams are…

  • CVE-2021-32777Aug 24, 2021
    risk 0.00cvss epss 0.03

    Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when ext-authz extension is sending request headers to the external authorization service it must merge multiple value headers according to the…

  • CVE-2021-29258May 20, 2021
    risk 0.00cvss epss 0.02

    An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion.

  • CVE-2021-28683May 20, 2021
    risk 0.00cvss epss 0.02

    An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.

  • CVE-2021-28682May 20, 2021
    risk 0.00cvss epss 0.02

    An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations.

  • CVE-2021-21378Mar 11, 2021
    risk 0.00cvss epss 0.02

    Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy's JWT Authentication filter is configured with the…

  • CVE-2020-25017Oct 1, 2020
    risk 0.00cvss epss 0.01

    Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy() header map API does not replace all existing occurences of a non-inline header.

  • CVE-2020-15104Jul 14, 2020
    risk 0.00cvss epss 0.00

    In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. For example, with a SAN of *.example.com, Envoy would incorrectly allow…

  • CVE-2020-12605Jul 1, 2020
    risk 0.00cvss epss 0.01

    Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs.

  • CVE-2020-8663Jul 1, 2020
    risk 0.00cvss epss 0.01

    Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.

  • CVE-2020-12603Jul 1, 2020
    risk 0.00cvss epss 0.01

    Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.

  • CVE-2020-11767Apr 15, 2020
    risk 0.00cvss epss 0.02

    Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the server(s) listening behind…

  • CVE-2020-8660Mar 4, 2020
    risk 0.00cvss epss 0.01

    CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain,…

  • CVE-2020-8664Mar 4, 2020
    risk 0.00cvss epss 0.01

    CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be…

  • CVE-2020-8661Mar 4, 2020
    risk 0.00cvss epss 0.02

    CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.

  • CVE-2020-8659Mar 4, 2020
    risk 0.00cvss epss 0.02

    CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks.

  • CVE-2019-18838Dec 13, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to…

  • CVE-2019-18802Dec 13, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "example.com " one…

  • CVE-2019-18801Dec 13, 2019
    risk 0.00cvss epss 0.03

    An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents (leading to a query-of-death scenario) or may be used…

  • CVE-2019-18836Nov 11, 2019
    risk 0.00cvss epss 0.02

    Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used."

  • CVE-2019-9901Apr 25, 2019
    risk 0.00cvss epss 0.03

    Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond…

  • CVE-2019-9900Apr 25, 2019
    risk 0.00cvss epss 0.04

    When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to…

Page 2 of 2