📦 Envoy
by Envoyproxy
🛡️ Security Overview
⚠️ Known Vulnerabilities
This vulnerability in Envoy's OAuth filter allows attackers to bypass authentication by providing any access token, even invalid ones. It affects all Envoy deployments using the OAuth filter in versio...
This vulnerability in Envoy proxy allows large requests/responses to trigger TCP connection pool crashes when connections close while upstream data is still arriving, causing a null pointer dereferenc...
This CVE describes a use-after-free vulnerability in Envoy's DNS cache within the Dynamic Forward Proxy implementation. It can cause abnormal process termination (crash) when specific callback conditi...
Envoy proxy versions before 1.32.3, 1.31.5, 1.30.9, and 1.29.12 contain a null pointer dereference vulnerability when the http1_server_abort_dispatch load shed point is configured. This can cause Envo...
Envoy proxy versions using the default oghttp2 HTTP/2 codec contain stream management bugs that can cause crashes. This affects all Envoy 1.31 deployments with default configurations. The vulnerabilit...
Envoy proxy with the Brotli filter can enter an endless loop during decompression of Brotli data with extra input, causing denial of service. This affects Envoy deployments using Brotli compression. The vu...
This vulnerability in Envoy proxy allows remote attackers to cause a denial-of-service (DoS) by sending incomplete UTF-8 strings that trigger an uncaught exception in the nlohmann JSON library, leadin...
Envoy proxy crashes when processing requests with host/authority headers longer than 255 characters while using upstream TLS clusters with auto_sni enabled. This denial-of-service vulnerability affect...
This vulnerability allows downstream clients to bypass external authentication in Envoy proxy by forcing invalid gRPC requests to the ext_authz service when failure_mode_allow is enabled. This affects...
A NULL pointer dereference vulnerability in Envoy proxy when PPv2 is enabled on both listener and cluster configurations causes a segmentation fault when processing specific LOCAL command requests wit...
Envoy proxy crashes when specific timeout configurations overlap, causing a denial of service. This affects Envoy deployments with hedge_on_per_try_timeout, per_try_idle_timeout, and per-try-timeout e...
CVE-2023-44487 is an HTTP/2 protocol vulnerability that allows attackers to cause denial of service by rapidly resetting streams, consuming server resources. This affects any system using HTTP/2, incl...
This vulnerability in Envoy proxy allows attackers to bypass security controls by using mixed-case HTTP/HTTPS schemes (like 'htTp' or 'htTps') in HTTP/2 requests. It affects Envoy deployments handling...
This CVE allows a malicious client to create OAuth2 credentials with permanent validity in Envoy proxy's OAuth2 filter under specific scenarios. It affects Envoy deployments using OAuth2 authenticatio...
Envoy's HTTP/2 implementation has a memory leak vulnerability when receiving RST_STREAM followed by GOAWAY frames from upstream servers. This allows attackers to cause denial of service through memory...
Envoy proxy versions before 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 fail to properly sanitize request properties when generating headers, allowing injection of illegal characters. This can cause up...
Envoy proxy versions before 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 allow attackers to bypass JWT authentication by forging the x-envoy-original-path header. This internal header should be stripped...
This vulnerability in Envoy's OAuth filter allows memory corruption or crashes when the filter incorrectly continues processing after sending a local response. It affects all Envoy deployments using t...
Envoy proxy versions before 1.22.1 have a decompression vulnerability where attackers can send small, highly compressed payloads that expand to consume excessive memory. This zip bomb attack can cause...
This vulnerability in Envoy proxy causes a segmentation fault when internal redirects select routes configured with direct response or redirect actions, leading to denial of service. It affects Envoy ...
A crafted CONNECT request sent to Envoy's JWT filter configured with regex matching causes a crash, leading to denial of service. This affects Envoy deployments using regex-based JWT filtering. The vu...
Envoy proxy versions with upstream tunneling configured can crash when a downstream client disconnects while the upstream connection is still being established. This denial-of-service vulnerability af...
CVE-2021-39206 is an authorization bypass vulnerability in Pomerium's underlying Envoy proxy that could allow specially crafted requests to bypass path-based access controls. This affects Pomerium dep...
This CVE describes a denial-of-service vulnerability in Envoy's HTTP/2 stream reset handling that affects Pomerium identity-aware access proxies. Attackers can cause high CPU utilization by resetting ...
CVE-2021-32781 is a use-after-free vulnerability in Envoy proxy that allows specifically crafted requests to cause denial of service. It affects Envoy deployments using extensions that modify request/...
This vulnerability in Envoy proxy allows attackers to bypass path-based authorization controls by including URI fragments (#fragment) in requests. It affects Envoy deployments using RBAC filters or si...
Envoy's ext-authz extension fails to properly merge multiple-value headers when sending requests to external authorization services, sending only the last value instead. This allows attackers to craft...
Envoy proxy versions 1.18.2 and earlier fail to decode escaped slash sequences (%2F and %5C) in HTTP URL paths, allowing attackers to bypass access controls like RBAC or JWT filters. This affects user...
This vulnerability in Envoy proxy allows remote attackers to cause a denial of service by sending a specially crafted TLS alert with an unknown alert code, triggering a NULL pointer dereference and cr...
This vulnerability in Envoy proxy allows attackers to bypass JWT authentication by presenting tokens from unauthorized issuers when the 'allow_missing' requirement is configured under 'requires_any'. ...
Envoy's mTLS certificate matcher incorrectly validates certificates with embedded null bytes in OTHERNAME SAN values, potentially allowing unauthorized access. This affects Envoy proxy deployments usi...
Envoy proxy crashes when JWT authentication with remote JWKS fetching is configured, allow_missing_or_failed is enabled, multiple JWT tokens are present, and the JWKS fetch fails. This is a denial-of-...
Envoy proxy versions before 1.36.2, 1.35.6, 1.34.10, and 1.33.12 contain a use-after-free vulnerability in the Lua filter. When a Lua script rewrites response bodies exceeding buffer limits, it causes...
A vulnerability in Envoy's JWT filter causes a crash when specific conditions are met: remote JWKs are used with clear_route_cache enabled, and header operations modify requests so that they do not match any route. Th...
This CVE describes a use-after-free vulnerability in Envoy's QUIC implementation that can cause a crash when processing HTTP/3 requests. The vulnerability occurs when QUICHE continues to push request ...
Envoy proxy versions 1.33.12, 1.34.10, 1.35.6, 1.36.2 and earlier have a CONNECT tunnel desynchronization vulnerability when configured in TCP proxy mode. This occurs when Envoy accepts client data be...