Envoy · Envoy · CVE-2024-32475
**Name of the Vulnerable Software and Affected Versions**
- Envoy versions prior to 1.27.5
- Envoy versions prior to 1.28.3
- Envoy versions prior to 1.29.4
- Envoy versions prior to 1.30.1
**Description**
The issue arises when an upstream TLS cluster is used with `auto sni` enabled and a request carries a `host`/`:authority` header longer than 255 characters, causing the Envoy process to terminate abnormally (a denial of service). This happens because Envoy does not handle errors gracefully when setting the SNI for outbound TLS connections and expects the operation to always succeed, while the SNI length is limited to 255 characters by the standard.
**Recommendations**
- For versions prior to 1.27.5, update to version 1.27.5 or later.
- For versions prior to 1.28.3, update to version 1.28.3 or later.
- For versions prior to 1.29.4, update to version 1.29.4 or later.
- For versions prior to 1.30.1, update to version 1.30.1 or later.
As a temporary workaround, consider restricting the length of the `host`/`:authority` header to 255 characters or less to prevent abnormal process termination.