Related Vulnerabilities: CVE-2021-32781  

Severity: High

Remote: Yes

Type: Arbitrary code execution

Description

Envoy, as used by Istio before version 1.11.1, contains a remotely exploitable vulnerability that affects Envoy’s decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies. Modifying and increasing the size of the body in an Envoy extension beyond the internal buffer size could lead to Envoy accessing deallocated memory and terminating abnormally.

AVG-2321 istio 1.11.0-1 High Vulnerable

https://istio.io/latest/news/security/istio-security-2021-008/#cve-2021-32781