Boteng Yao

**Name of the Vulnerable Software and Affected Versions** Envoy versions prior to 1.29.12 Envoy versions prior to 1.30.9 Envoy versions prior to 1.31.5 Envoy versions prior to 1.32.3 **Description** The issue is related to the `envoy.load shed points.http1 server abort dispatch` configuration in Envoy, a cloud-native high-performance edge/middle/service proxy. In affected versions, `sendOverloadError` assumes the active request exists when this configuration is set. However, if `active request` is nullptr, only `onMessageBeginImpl()` is called, which can lead to a nullptr reference if the stream is already reset. This can cause Envoy to crash, particularly during the H/2 upstream reset. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For Envoy versions prior to 1.29.12, upgrade to version 1.29.12 or later. For Envoy versions prior to 1.30.9, upgrade to version 1.30.9 or later. For Envoy versions prior to 1.31.5, upgrade to version 1.31.5 or later. For Envoy versions prior to 1.32.3, upgrade to version 1.32.3 or later. As a temporary workaround, consider disabling the `http1 server abort dispatch` load shed point and/or use a high threshold.