Mattklein123

**Name of the Vulnerable Software and Affected Versions** Envoy (affected versions not specified) **Description** Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS), all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle connections that can lead to stack exhaustion and abnormal process termination when a cluster has a large number of idle connections. This infinite recursion causes Envoy to crash. **Recommendations** Users are advised to upgrade. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Envoy (affected versions not specified) **Description** The issue concerns Envoy, an open source edge and service proxy for cloud-native applications. It allows the re-use of TLS when certain certificate validation settings have changed from their default configuration. Users are advised to ensure that default TLS settings are used as a workaround. There is no information provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider ensuring that default TLS settings are used until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Envoy (affected versions not specified) **Description** The envoy common router will experience a segfault if an internal redirect selects a route configured with direct response or redirect actions, resulting in a denial of service. **Recommendations** As a workaround, turn off internal redirects if direct response entries are configured on the same listener.

**Name of the Vulnerable Software and Affected Versions** Envoy (affected versions not specified) **Description** The issue is related to a "type confusion" bug in the default certificate validation routines when processing subjectAltNames. This allows, for example, an `rfc822Name` or `uniformResourceIndicator` to be authenticated as a domain name, enabling the bypassing of `nameConstraints` as processed by the underlying OpenSSL/BoringSSL implementation. As a result, Envoy will trust upstream certificates that should not be trusted, exposing the possibility of impersonation of arbitrary servers. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Envoy (affected versions not specified) **Description** The issue concerns Envoy, an open source edge and service proxy designed for cloud-native applications. In affected versions, Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage (id-kp-serverAuth and id-kp-clientAuth, respectively). This means that a peer may present an e-mail certificate (e.g. id-kp-emailProtection), either as a leaf certificate or as a CA in the chain, and it will be accepted for TLS. As a result, Envoy will trust upstream certificates that should not be trusted. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Envoy (affected versions not specified) **Description** The issue affects Envoy, an open source edge and service proxy for cloud-native applications. A crafted request can crash Envoy when a CONNECT request is sent to the JWT filter configured with regex match, providing a denial of service attack vector. **Recommendations** As a temporary workaround, consider not using regex in the JWT filter until a patch is available. Users are advised to upgrade to a newer version to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Envoy (affected versions not specified) **Description** The issue arises when Envoy, an open source edge and service proxy, fails to correctly abort the operation when the buffer overflows while a response is being processed by the filter chain. This can result in accessing a freed memory block, causing Envoy to crash and leading to a denial of service. Envoy is designed to track the amount of buffered request and response data and abort the request if the amount of buffered data exceeds the limit by sending 413 or 500 responses. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Envoy (affected versions not specified) **Description** A crash occurs in Envoy when it is configured for upstream tunneling and the downstream connection disconnects while the upstream connection or HTTP/2 stream is still being established. **Recommendations** Upgrade to a newer version to resolve the issue. At the moment, there is no information about a specific newer version that contains a fix for this vulnerability, but users are advised to upgrade.

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.71.1 Description: A remotely exploitable integer overflow issue exists due to a very large grpc-timeout value, leading to unexpected timeout calculations. Recommendations: For versions prior to 1.71.1, update to a version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.71.1 Description: A remotely exploitable issue exists where a NULL pointer dereference and crash can occur in TLS when an unknown TLS alert code is received. Recommendations: For versions prior to 1.71.1, update to a version that contains a fix for this issue to prevent remote exploitation.

Name of the Vulnerable Software and Affected Versions: Envoy version 1.14.0 Description: An issue was discovered that allows for a remotely exploitable crash for HTTP2 Metadata. This occurs because an empty METADATA map triggers a Reachable Assertion. Recommendations: For Envoy version 1.14.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Envoy versions prior to 1.15.0 **Description** The issue arises because Envoy only considers the first value when multiple header values are present for some HTTP headers. Additionally, Envoy's setCopy() header map API does not replace all existing occurrences of a non-inline header. **Recommendations** For versions prior to 1.15.0, update to version 1.15.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the setCopy() header map API to minimize the risk of exploitation. Avoid using non-inline headers in the affected API endpoints until the issue is resolved.