7.5

CVE-2021-28683

An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
EnvoyproxyEnvoy Version1.16.2
EnvoyproxyEnvoy Version1.17.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.69% 0.74
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://blog.envoyproxy.io
Vendor Advisory
https://github.com/envoyproxy/envoy/releases
Third Party Advisory
https://github.com/envoyproxy/envoy/security/advisories/GHSA-r22g-5f3x-xjgg
Third Party Advisory
Not Applicable
https://github.com/envoyproxy/envoy/security/advisories/GHSA-xw4q-6pj2-5gfg
Third Party Advisory