Raul Gutierrez Segales

**Name of the Vulnerable Software and Affected Versions** Envoy versions prior to 1.22.1 **Description** The issue arises when the OAuth filter attempts to invoke remaining filters in the chain after a local response has been emitted. This can trigger an ASSERT() in newer versions and corrupt memory in earlier versions. The `continueDecoding()` function should not be called from filters after a local reply has been sent. There are no known workarounds for this issue. **Recommendations** For versions prior to 1.22.1, users are advised to upgrade to version 1.22.1 or later to resolve the issue. As a temporary workaround, consider disabling the OAuth filter until a patch is available. Restrict access to the affected `continueDecoding()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Envoy versions prior to 1.19.1 Envoy versions prior to 1.18.4 Envoy versions prior to 1.17.4 Envoy versions prior to 1.16.5 **Description** Envoy is an open source L7 proxy and communication bus designed for large modern service-oriented architectures. In affected versions, after Envoy sends a locally generated response, it must stop further processing of request or response data. However, when a local response is generated due to an internal buffer overflow while a request or response is processed by the filter chain, the operation may not be stopped completely, resulting in accessing a freed memory block. A specifically constructed request delivered by an untrusted downstream or upstream peer in the presence of extensions that modify and increase the size of request or response bodies can result in a Denial of Service when using extensions that modify and increase the size of request or response bodies, such as the decompressor filter. **Recommendations** For versions prior to 1.19.1, update to version 1.19.1 or later. For versions prior to 1.18.4, update to version 1.18.4 or later. For versions prior to 1.17.4, update to version 1.17.4 or later. For versions prior to 1.16.5, update to version 1.16.5 or later. As a temporary workaround, consider disabling Envoy's decompressor, json-transcoder, or grpc-web extensions, or proprietary extensions that modify and increase the size of request or response bodies, if feasible.