- Description
- Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server, because of a lifetime issue in the filter. A known situation is that the failure of a websocket handshake triggers a local reply, leading to the crash of Envoy. This vulnerability is fixed in 1.33.1, 1.32.4, 1.31.6, and 1.30.10.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-460
- nvd@nist.gov
- NVD-CWE-noinfo
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "129FA49E-ADA2-4ACF-98D1-245E8CE9E793",
            "versionEndExcluding": "1.30.10"
          },
          {
            "criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D97CBD62-50CA-4E4E-BCCC-E323A10CC4B5",
            "versionEndExcluding": "1.31.6",
            "versionStartIncluding": "1.31.0"
          },
          {
            "criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3801C869-713E-455C-ADD0-9ECA98498835",
            "versionEndExcluding": "1.32.4",
            "versionStartIncluding": "1.32.0"
          },
          {
            "criteria": "cpe:2.3:a:envoyproxy:envoy:1.33.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3F92855-6744-4C5C-9B75-83D5CA67D843"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]