CVE-2021-43824

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Envoy (affected versions not specified)

Description The issue affects Envoy, an open source edge and service proxy for cloud-native applications. A crafted request can crash Envoy when a CONNECT request is sent to the JWT filter configured with regex match, providing a denial of service attack vector.

Recommendations As a temporary workaround, consider not using regex in the JWT filter until a patch is available. Users are advised to upgrade to a newer version to resolve the issue.

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BIT-ENVOY-2021-43824

CVE-2021-43824

GHSA-VJ5M-RCH8-5R2P

RHSA-2022:1275

RHSA-2022:1276

Affected Products

Envoy

CVE-2021-43824

Weakness Enumeration

Related Identifiers

Affected Products

References · 6