CVE-2024-23327
- EPSS 0.69%
- Veröffentlicht 09.02.2024 23:15:09
- Zuletzt bearbeitet 21.11.2024 08:57:31
Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a c...
CVE-2024-23322
- EPSS 0.68%
- Veröffentlicht 09.02.2024 23:15:08
- Zuletzt bearbeitet 21.11.2024 08:57:30
Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (i...
CVE-2024-23323
- EPSS 0.5%
- Veröffentlicht 09.02.2024 23:15:08
- Zuletzt bearbeitet 21.11.2024 08:57:30
Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addre...
CVE-2023-44487
- EPSS 100%
- Veröffentlicht 10.10.2023 14:15:10
- Zuletzt bearbeitet 12.05.2026 15:10:32
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2023-35942
- EPSS 0.74%
- Veröffentlicht 25.07.2023 19:15:11
- Zuletzt bearbeitet 21.11.2024 08:09:01
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a `use-after-free` crash when the liste...
CVE-2023-35943
- EPSS 0.58%
- Veröffentlicht 25.07.2023 19:15:11
- Zuletzt bearbeitet 21.11.2024 08:09:01
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted betwe...
CVE-2023-35944
- EPSS 0.6%
- Veröffentlicht 25.07.2023 19:15:11
- Zuletzt bearbeitet 21.11.2024 08:09:01
Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12,...
CVE-2023-35941
- EPSS 0.71%
- Veröffentlicht 25.07.2023 18:15:10
- Zuletzt bearbeitet 21.11.2024 08:09:01
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenar...
CVE-2023-35945
- EPSS 1.11%
- Veröffentlicht 13.07.2023 21:15:08
- Zuletzt bearbeitet 21.11.2024 08:09:01
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cle...
CVE-2023-27493
- EPSS 0.51%
- Veröffentlicht 04.04.2023 20:15:07
- Zuletzt bearbeitet 21.11.2024 07:53:01
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead t...