Описание
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:upstream tunneling <envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config> and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade.
A flaw was found in envoy. If a downstream source disconnects during upstream connection establishment when tunneling TCP over HTTP, a use-after-free can occur, resulting in a denial of service.
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling <envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config>` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade.
Envoy is an open source edge and service proxy, designed for cloud-nat ...
EPSS
7.5 High
CVSS3