
Herman

Researcher from q42.nl
#32429 of 53,611
7.8 Total CVSS
Vulnerabilities · 1
PT-2024-2768
7.8
2024-02-09
Envoy · Envoy · CVE-2024-23322
**Name of the Vulnerable Software and Affected Versions**

- Envoy versions prior to 1.29.1
- Envoy versions prior to 1.28.1
- Envoy versions prior to 1.27.3
- Envoy versions prior to 1.26.7

**Description**

The issue is related to a use-after-free error in the Envoy proxy server. Exploitation of this issue may allow a remote attacker to cause the application to crash. Envoy will crash when certain timeouts happen within the same interval, specifically when `hedge on per try timeout` is enabled, `per try idle timeout` is enabled, and `per-try-timeout` is enabled with its value equal to or within the backoff interval of the `per try idle timeout`.

**Recommendations**

- For Envoy versions prior to 1.29.1, upgrade to version 1.29.1 or later.
- For Envoy versions prior to 1.28.1, upgrade to version 1.28.1 or later.
- For Envoy versions prior to 1.27.3, upgrade to version 1.27.3 or later.
- For Envoy versions prior to 1.26.7, upgrade to version 1.26.7 or later.