CVE-2022-21655

Envoy is an open source edge and service proxy designed for cloud-native applications. The Envoy common router will segfault if an internal redirect selects a route configured with direct response or redirect actions. This results in a denial of service. As a workaround, turn off internal redirects if direct response entries are configured on the same listener.

common router: envoy will segfault if route selected in result of internal redirect is direct_response

CVSS Score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, High

Impact

Denial of Service (Crash)

Patches

Workarounds

Turn off internal redirects if direct response entries are configured on the same listener.
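
To find where the workaround applies, the following added example (not code from the Envoy project or the advisory) audits a configuration for listeners that combine routes following internal redirects with `direct_response` or `redirect` routes. It assumes the configuration is available as JSON with routes defined inline under `route_config`; routes delivered over RDS are not inspected, and the sample config is constructed.

```python
import json

# Constructed sample: a trimmed Envoy v3 bootstrap in JSON form (not from the advisory).
SAMPLE_CONFIG = json.loads("""
{"static_resources": {"listeners": [
  {"name": "ingress", "filter_chains": [{"filters": [{
     "name": "envoy.filters.network.http_connection_manager",
     "typed_config": {"route_config": {"virtual_hosts": [{
        "name": "app", "domains": ["*"], "routes": [
          {"match": {"prefix": "/api"},
           "route": {"cluster": "backend", "internal_redirect_policy": {}}},
          {"match": {"prefix": "/health"},
           "direct_response": {"status": 200}}]}]}}}]}]},
  {"name": "admin_only", "filter_chains": [{"filters": [{
     "name": "envoy.filters.network.http_connection_manager",
     "typed_config": {"route_config": {"virtual_hosts": [{
        "name": "static", "domains": ["*"], "routes": [
          {"match": {"prefix": "/"},
           "redirect": {"https_redirect": true}}]}]}}}]}]}
]}}
""")

def listener_routes(listener):
    """Yield every inline route defined under one listener."""
    for chain in listener.get("filter_chains", []):
        for flt in chain.get("filters", []):
            rc = flt.get("typed_config", {}).get("route_config", {})
            for vhost in rc.get("virtual_hosts", []):
                yield from vhost.get("routes", [])

def follows_internal_redirects(route):
    """True if the route action enables internal redirects (current or deprecated field)."""
    action = route.get("route", {})
    return ("internal_redirect_policy" in action
            or action.get("internal_redirect_action") == "HANDLE_INTERNAL_REDIRECT")

def exposed_listeners(config):
    """Names of listeners mixing internal redirects with direct_response/redirect routes."""
    flagged = []
    for listener in config.get("static_resources", {}).get("listeners", []):
        routes = list(listener_routes(listener))
        redirecting = any(follows_internal_redirects(r) for r in routes)
        terminal = any("direct_response" in r or "redirect" in r for r in routes)
        if redirecting and terminal:
            flagged.append(listener.get("name", "<unnamed>"))
    return flagged

if __name__ == "__main__":
    print(exposed_listeners(SAMPLE_CONFIG))
```

Any listener the audit reports is a candidate for the workaround above: remove the internal redirect setting from its routes until a fixed release is deployed.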

References

https://blog.envoyproxy.io
https://github.com/envoyproxy/envoy/releases

For more information

Open an issue in Envoy repo
Email us at envoy-security
