PT-2022-11914 · Envoy · Envoy

Mattklein123 · Published 2022-02-22 · Updated 2024-03-06 · CVE-2021-43825

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Envoy (affected versions not specified on this page)
Description: Envoy, an open source edge and service proxy, tracks how much request and response data it has buffered and is designed to abort a request whose buffered data exceeds the configured limit, answering with a 413 local reply on the request path or a 500 on the response path. When the buffered response data exceeds the limit while the response is being processed by the filter chain, Envoy fails to abort the operation correctly: the associated memory block is freed, but processing continues and accesses it. This use after free crashes the Envoy process, so a single oversized response can deny service to every connection that process handles. Per the CVSS vector (AV:N/PR:N/UI:N), the condition is reachable over the network without authentication or user interaction. Note that the "overflow" here is buffered data exceeding a limit, not a memory-corruption overflow; the memory-safety defect is the subsequent use after free.
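The abort-on-overflow logic the description refers to, as an added illustration that is not Envoy's code and not part of the original advisory: a toy C++ response filter chain in which the limit check sends a 500 local reply and frees the stream. The vulnerable variant keeps iterating filters after that point (the defect class behind this CVE); the fixed variant returns as soon as the stream is aborted. Stream, Connection, runChainVulnerable, runChainFixed, expandBy and runScenario are all invented for the model, and Envoy's real implementation differs.

```cpp
// Added model, not Envoy's code: a toy response filter chain with a buffered-
// data limit. The vulnerable variant reproduces the defect class in the advisory
// (the overflow handler frees the stream, but filter iteration continues) beside
// the fixed control flow that stops once the stream is aborted. Names invented.
#include <cstddef>
#include <functional>
#include <iostream>
#include <memory>
#include <string>
#include <vector>

struct Stream { std::string buffered; };  // response body buffered so far

// Owns the stream; sendLocalReplyAndReset() frees it, as a reset does in a real proxy.
class Connection {
public:
    Stream* createStream() { stream_ = std::make_unique<Stream>(); return stream_.get(); }
    // nullptr once torn down. That is how this model detects a freed stream;
    // a real proxy would simply hold a dangling pointer.
    Stream* stream() { return stream_.get(); }
    void sendLocalReplyAndReset(int status) { local_reply_status_ = status; stream_.reset(); }
    int localReplyStatus() const { return local_reply_status_; }
private:
    std::unique_ptr<Stream> stream_;
    int local_reply_status_ = 0;
};

using ResponseFilter = std::function<void(std::string&)>;  // rewrites the body in place
enum class Outcome { Completed, Aborted, UseAfterFree };

// Vulnerable: exceeding the limit sends a 500 and frees the stream, but nothing
// leaves the loop, so the next filter runs against freed state.
Outcome runChainVulnerable(Connection& conn, const std::vector<ResponseFilter>& filters, std::size_t limit) {
    for (const auto& filter : filters) {
        Stream* s = conn.stream();
        if (s == nullptr) return Outcome::UseAfterFree;  // stand-in for the real dereference
        filter(s->buffered);
        if (s->buffered.size() > limit) {
            conn.sendLocalReplyAndReset(500);  // *s is gone after this line
            // BUG: no return; iteration continues with a dead stream
        }
    }
    return conn.stream() ? Outcome::Completed : Outcome::Aborted;
}

// Fixed: aborting the stream ends filter iteration immediately.
Outcome runChainFixed(Connection& conn, const std::vector<ResponseFilter>& filters, std::size_t limit) {
    for (const auto& filter : filters) {
        Stream* s = conn.stream();
        filter(s->buffered);
        if (s->buffered.size() > limit) {
            conn.sendLocalReplyAndReset(500);
            return Outcome::Aborted;  // the stream no longer exists; stop here
        }
    }
    return Outcome::Completed;
}

// Body-expanding filter, standing in for any filter that grows the response
// (decompression, appending data, and so on).
ResponseFilter expandBy(std::size_t factor) {
    return [factor](std::string& body) {
        std::string grown;
        for (std::size_t i = 0; i < factor; ++i) grown += body;
        body = grown;
    };
}

struct Result { Outcome outcome; int localReplyStatus; };

// One scenario: an upstream body passes through nFilters copies of expandBy(factor)
// under a limit of `limit` bytes.
Result runScenario(bool fixed, const std::string& upstreamBody, std::size_t nFilters,
                   std::size_t factor, std::size_t limit) {
    Connection conn;
    conn.createStream()->buffered = upstreamBody;
    std::vector<ResponseFilter> filters(nFilters, expandBy(factor));
    Outcome o = fixed ? runChainFixed(conn, filters, limit) : runChainVulnerable(conn, filters, limit);
    return {o, conn.localReplyStatus()};
}

int main() {
    // Constructed input: 4-byte body, two doubling filters, 6-byte limit. The first
    // filter grows the body to 8 bytes, over the limit, while a second filter still waits.
    const char* names[] = {"completed", "aborted with 500", "use after free"};
    std::cout << "vulnerable: " << names[static_cast<int>(runScenario(false, "abcd", 2, 2, 6).outcome)] << "\n";
    std::cout << "fixed:      " << names[static_cast<int>(runScenario(true, "abcd", 2, 2, 6).outcome)] << "\n";
    return 0;
}
```

Compile with any C++14 compiler (std::make_unique). The defect only surfaces when a further filter runs after the overflow is detected, which is why a single-filter chain aborts cleanly in both variants; in a real process that second filter's dereference is the use after free the advisory describes, and the result is a crash rather than a reported outcome.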
Recommendations: This page records no fixed version. The upstream GitHub advisory (GHSA-h69p-g6xg-mhhh) and the Red Hat errata (RHSA-2022:1275, RHSA-2022:1276) listed under Related Identifiers are the authoritative sources for patched builds; upgrade to a release that includes the fix. Tightening per-connection buffer limits is not a mitigation: the defect is in the path that handles the limit being exceeded, so a lower limit only makes the condition easier to reach.

Impact: DoS

Weakness Enumeration: Use After Free

Related Identifiers

BIT-ENVOY-2021-43825
CVE-2021-43825
GHSA-H69P-G6XG-MHHH
RHSA-2022:1275
RHSA-2022:1276

Affected Products

Envoy