CVE-2022-21655

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Envoy (affected versions not specified)

Description The envoy common router will experience a segfault if an internal redirect selects a route configured with direct response or redirect actions, resulting in a denial of service.

Recommendations As a workaround, turn off internal redirects if direct response entries are configured on the same listener.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-670

Related Identifiers

BIT-ENVOY-2022-21655

CVE-2022-21655

GHSA-7R5P-7FMH-JXPG

RHSA-2022:1275

RHSA-2022:1276

Affected Products

Envoy

CVE-2022-21655

Weakness Enumeration

Related Identifiers

Affected Products

References · 9