CVE-2023-27493: Improper Input Validation in Envoy

Severity: 9.1 CRITICAL (NVD)
EPSS: 0.0% (top 98.91%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 4

Description

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can result in characters that are illegal in header values being sent to the upstream service. In the worst case, it can cause the upstream service to interpret the original request as two pipelined requests, possibly bypassing the intent of Envoy's security policy.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 3.9 | Impact: 5.2

Affected Packages (2 packages)

NVD: envoyproxy/envoy, 1.23.0, 1.23.6 (+3)
CVEListV5: envoyproxy/envoy, >= 1.23.0, < 1.23.6; >= 1.24.0, < 1.24.4; >= 1.25.0, < 1.25.3 (+2)

Vendor Advisories (1)

Red Hat: envoy: envoy doesn't escape HTTP header values (2023-04-04)