Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
envoy vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2022-29224
Envoy is a cloud-native high-performance proxy. Versions of envoy before 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold&rdq...
Envoyproxy Envoy
7.5
CVSSv3
CVE-2022-29225
Envoy is a cloud-native high-performance proxy. In versions before 1.22.1 secompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an malicious user to zip bomb the decompressor by sending a small ...
Envoyproxy Envoy
9.1
CVSSv3
CVE-2022-29226
Envoy is a cloud-native high-performance proxy. In versions before 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be triggered. However, the cu...
Envoyproxy Envoy
7.5
CVSSv3
CVE-2022-29227
Envoy is a cloud-native high-performance edge/middle/service proxy. In versions before 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the reques...
Envoyproxy Envoy
7.5
CVSSv3
CVE-2022-29228
Envoy is a cloud-native high-performance proxy. In versions before 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecodin...
Envoyproxy Envoy
7.5
CVSSv3
CVE-2024-23322
Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configur...
Envoyproxy Envoy
7.5
CVSSv3
CVE-2024-23327
Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does ...
Envoyproxy Envoy
6.5
CVSSv3
CVE-2023-35942
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a `use-after-free` crash when the listener is drained. Versions ...
Envoyproxy Envoy
1 Github repository
7.5
CVSSv3
CVE-2023-35943
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted between `decodeHeaders`and `encodeH...
Envoyproxy Envoy
5.3
CVSSv3
CVE-2023-35944
Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, this can lead to the rejectio...
Envoyproxy Envoy
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »