Published: 24/08/2021 Updated: 02/07/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

An out-of-bounds memory read vulnerability was found in envoyproxy/envoy. When using one of the following envoy extensions, it is possible to modify and increase the request or response body size of the following: the decompressor, json-transcoder, grpc-web, or other proprietary extensions. This flaw allows an malicious user to read invalid memory and cause envoy to crash, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
envoyproxy envoy 1.19.0
envoyproxy envoy

An out-of-bounds memory read vulnerability was found in envoyproxy/envoy When using one of the following envoy extensions, it is possible to modify and increase the request or response body size of the following: the decompressor, json-transcoder, grpc-web, or other proprietary extensions This flaw allows an attacker to read invalid memory and ca ...

Envoy, as used by Istio before version 1111, contains a remotely exploitable vulnerability that affects Envoy’s decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies Modifying and increasing the size of the body in an Envoy extension beyond the internal bu ...

CWE-120 https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history https://github.com/envoyproxy/envoy/security/advisories/GHSA-5vhv-gp9v-42qv https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2021-32781

CVE-2021-32781

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect