exploitDog

CVE-2021-28683

Published: 15 Apr 2021
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.

A NULL pointer dereference vulnerability was found in envoyproxy/envoy. This flaw allows an attacker to establish a TLS session that sends an invalid TLS alert code, causing a NULL pointer exception to occur that crashes the application, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Additional information

Status: Important
Defect: CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1942263 envoyproxy/envoy: NULL pointer dereference in TLS alert code handling

EPSS

Percentile: 31%
0.00116
Low

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
nvd
more than 4 years ago

An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.

CVSS3: 7.5
debian
more than 4 years ago

An issue was discovered in Envoy through 1.71.1. There is a remotely e ...

oracle-oval
more than 4 years ago

ELSA-2021-9399: olcne security update (IMPORTANT)

oracle-oval
more than 4 years ago

ELSA-2021-9398: olcne security update (IMPORTANT)

oracle-oval
more than 4 years ago

ELSA-2021-9397: olcne security update (IMPORTANT)
