Envoyproxy: >> Envoy >> 1.14.6 Security Vulnerabilities
An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-05-20
Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters).
CVSS Score
8.8
EPSS Score
0.008
Published
2020-12-15
Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-12-15
Page 5