PT-2026-24615 · Go · Github.Com/Envoyproxy/Envoy
Published 2026-03-10 · Updated 2026-03-10
CVSS v3.1: 5.9 Medium
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Calling Utility::getAddressWithPort with a scoped IPv6 address causes a crash. This utility is called in the data plane from the original src filter and the dns filter.
Details
The crashing function is Utility::getAddressWithPort. The crash occurs if a string containing a scoped IPv6 address is passed to this function.
This vulnerability affects:
- The original src filter: If the filter is configured and the original source is a scoped IPv6 address, it will cause a crash.
- DNS response address resolution: If a DNS response contains a scoped IPv6 address, this will also trigger the crash.
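Both affected paths share one condition: an address string that carries an IPv6 zone identifier (the `%zone` suffix). The C++ helper below is an added example, not Envoy's code and not the upstream fix; it classifies address literals and separates scoped IPv6 ones so they can be rejected or logged before any further address handling. The names `classifyAddress` and `withoutScoped` are hypothetical, and the sample addresses used with it are constructed.

```cpp
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string>
#include <vector>

enum class AddrKind { NotAnIp, IPv4, IPv6, ScopedIPv6 };

// Hypothetical helper (not an Envoy API): classify an IP literal given either
// bare ("fe80::1%eth0") or bracketed with an optional port ("[fe80::1%2]:443").
// The zone is never resolved to an interface; only its presence is detected.
AddrKind classifyAddress(std::string text) {
  if (!text.empty() && text.front() == '[') {
    const auto close = text.find(']');
    if (close == std::string::npos) return AddrKind::NotAnIp;
    text = text.substr(1, close - 1);  // keep what is inside the brackets
  }
  in_addr v4{};
  if (inet_pton(AF_INET, text.c_str(), &v4) == 1) return AddrKind::IPv4;

  // RFC 4007 textual form is <address>%<zone_id>. inet_pton() rejects the
  // zone suffix, so split it off and validate the address part on its own.
  const auto pct = text.find('%');
  const std::string addr = text.substr(0, pct);
  in6_addr v6{};
  if (inet_pton(AF_INET6, addr.c_str(), &v6) != 1) return AddrKind::NotAnIp;
  if (pct == std::string::npos) return AddrKind::IPv6;
  // An empty zone ("fe80::1%") is malformed rather than scoped.
  return pct + 1 < text.size() ? AddrKind::ScopedIPv6 : AddrKind::NotAnIp;
}

// Split a batch of addresses (for example, values taken from DNS answers)
// into those without a zone id, which are returned, and scoped IPv6 ones,
// which are appended to `scoped` so the caller can log or reject them.
std::vector<std::string> withoutScoped(const std::vector<std::string>& in,
                                       std::vector<std::string>& scoped) {
  std::vector<std::string> ok;
  for (const auto& a : in) {
    (classifyAddress(a) == AddrKind::ScopedIPv6 ? scoped : ok).push_back(a);
  }
  return ok;
}
```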
PoC
To reproduce the vulnerability:
- Method A (Original Src Filter): Configure the original src filter in Envoy and provide a scoped IPv6 address as the original source.
- Method B (DNS Resolution): Trigger a DNS resolution process within Envoy where the DNS response contains a scoped IPv6 address.
Impact
This is a Denial of Service (DoS) vulnerability. It impacts users who have the original src filter configured or whose Envoy instances resolve addresses from DNS responses that may contain scoped IPv6 addresses.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Github.Com/Envoyproxy/Envoy