CVE-2021-28683

Опубликовано: 20 мая 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.

Ссылки

https://blog.envoyproxy.io
Vendor Advisory
https://github.com/envoyproxy/envoy/releases
Third Party Advisory
https://github.com/envoyproxy/envoy/security/advisories/GHSA-r22g-5f3x-xjgg
Not Applicable
Third Party Advisory
https://github.com/envoyproxy/envoy/security/advisories/GHSA-xw4q-6pj2-5gfg
Third Party Advisory
https://blog.envoyproxy.io
Vendor Advisory
https://github.com/envoyproxy/envoy/releases
Third Party Advisory
https://github.com/envoyproxy/envoy/security/advisories/GHSA-r22g-5f3x-xjgg
Not Applicable
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:envoyproxy:envoy:1.16.2:*:*:*:*:*:*:*

cpe:2.3:a:envoyproxy:envoy:1.17.1:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00116

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-476

Связанные уязвимости

CVE-2021-28683

CVSS3: 7.5

redhat

почти 5 лет назад

An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.

CVE-2021-28683

CVSS3: 7.5

debian

больше 4 лет назад

An issue was discovered in Envoy through 1.71.1. There is a remotely e ...

ELSA-2021-9399

oracle-oval

больше 4 лет назад

ELSA-2021-9399: olcne security update (IMPORTANT)

ELSA-2021-9398

oracle-oval

больше 4 лет назад

ELSA-2021-9398: olcne security update (IMPORTANT)

ELSA-2021-9397

oracle-oval

больше 4 лет назад

ELSA-2021-9397: olcne security update (IMPORTANT)

EPSS

Процентиль: 31%

0.00116

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-476