Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
envoy vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-28682
An issue exists in Envoy up to and including 1.71.1. There is a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations.
Envoyproxy Envoy 1.14.6
Envoyproxy Envoy 1.15.3
Envoyproxy Envoy 1.16.2
Envoyproxy Envoy 1.17.1
5
CVSSv2
CVE-2021-28683
An issue exists in Envoy up to and including 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
Envoyproxy Envoy 1.16.2
Envoyproxy Envoy 1.17.1
5
CVSSv2
CVE-2021-29258
An issue exists in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion.
Envoyproxy Envoy 1.14.6
Envoyproxy Envoy 1.15.3
Envoyproxy Envoy 1.16.2
Envoyproxy Envoy 1.17.1
6.4
CVSSv2
CVE-2021-21378
Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy's JWT Authentication filter is configured with the `allow_mi...
Envoyproxy Envoy 1.17.0
4
CVSSv2
CVE-2019-25014
A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot prior to 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to t...
Istio Istio
Redhat Openshift Service Mesh 1.0
5
CVSSv2
CVE-2020-35471
Envoy prior to 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.
Envoyproxy Envoy
5.8
CVSSv2
CVE-2020-35470
Envoy prior to 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters).
Envoyproxy Envoy
5
CVSSv2
CVE-2020-25018
Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization.
Envoyproxy Envoy
7.5
CVSSv2
CVE-2020-25017
Envoy up to and including 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy() header map API does not replace all existing occurences of a non-inline header.
Envoyproxy Envoy
5
CVSSv2
CVE-2020-15127
In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdow...
Projectcontour Contour
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »