CVE-2022-29224 — NULL Pointer Dereference in Envoy
Severity
5.9MEDIUMNVD
EPSS
1.0%
top 22.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 9
Description
Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” (prevent removal) upstream hosts obtained via service discovery until configured active health checking fails. If an attacker controls an upstream host and also controls service discovery of that host (via DNS, the EDS API, et…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6