Erik Lindblad

**Name of the Vulnerable Software and Affected Versions** Envoy versions prior to 1.22.1 **Description** The issue affects Envoy, a cloud-native high-performance proxy, where versions prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy has a feature to perform various types of upstream health checking, including one that uses gRPC. An attacker controlling an upstream host and its service discovery can crash Envoy by forcing the removal of the host from service discovery and then failing the gRPC health check request, resulting in a null pointer dereference. **Recommendations** For Envoy versions prior to 1.22.1, upgrade to version 1.22.1 or later to resolve the issue. As a temporary workaround for users unable to upgrade, consider disabling gRPC health checking and/or replacing it with a different health checking type to mitigate the risk.