William Sears

**Name of the Vulnerable Software and Affected Versions** Envoy versions prior to 1.27.0 Envoy versions prior to 1.26.4 Envoy versions prior to 1.25.9 Envoy versions prior to 1.24.10 Envoy versions prior to 1.23.12 **Description** The issue is related to a `use-after-free` crash in Envoy when gRPC access loggers using the listener's global scope are utilized and the listener is drained. This can be exploited by a remote attacker to launch a denial-of-service (DoS) attack. **Recommendations** For versions prior to 1.27.0, update to version 1.27.0 or later. For versions prior to 1.26.4, update to version 1.26.4 or later. For versions prior to 1.25.9, update to version 1.25.9 or later. For versions prior to 1.24.10, update to version 1.24.10 or later. For versions prior to 1.23.12, update to version 1.23.12 or later. As a temporary workaround, consider disabling the gRPC access log or stopping listener updates until a patch is applied.