PT-2022-19479 · Envoy · Envoy

Raul Gutierrez Segales +1 · Published 2022-06-09 · Updated 2024-03-06 · CVE-2022-29228

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Envoy versions prior to 1.22.1

Description

The issue arises when the OAuth filter attempts to invoke remaining filters in the chain after a local response has been emitted. This can trigger an ASSERT() in newer versions and corrupt memory in earlier versions. The continueDecoding() function should not be called from filters after a local reply has been sent. There are no known workarounds for this issue.

Recommendations

For versions prior to 1.22.1, users are advised to upgrade to version 1.22.1 or later to resolve the issue. As a temporary workaround, consider disabling the OAuth filter until a patch is available. Restrict access to the affected continueDecoding() function to minimize the risk of exploitation.

Exploit

Fix

Use After Free

Assertion Failure

Weakness Enumeration

Related Identifiers

BIT-ENVOY-2022-29228
CVE-2022-29228
GHSA-RWW6-8H7G-8JF6
RHSA-2022:5004

Affected Products

Envoy