cbcvebase.

Envoyproxy Envoy vulnerabilities

110 known vulnerabilities affecting envoyproxy/envoy.

Total CVEs
110
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL11HIGH73MEDIUM25LOW1

Vulnerabilities

Page 3 of 6
CVE-2020-25017P3HIGHCVSS 8.3fixed in 1.12.7≥ 1.13.0, < 1.13.4+2 more2020-10-01
CVE-2020-25017 [HIGH] CVE-2020-25017: Envoy through 1.15.0 only considers the first value when multiple header values are present for some Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy() header map API does not replace all existing occurences of a non-inline header.
nvd
CVE-2021-39204P3HIGHCVSS 7.5≤ 1.16.4≥ 1.17.0, < 1.17.4+2 more2021-09-09
CVE-2021-39204 [HIGH] CWE-834 CVE-2021-39204: Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrect Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions 0.14.8 and 0.15.1 contain an upgraded envoy binary wi
nvd
CVE-2022-29225P3HIGHCVSS 7.5fixed in 1.22.12022-06-09
CVE-2022-29225 [HIGH] CWE-400 CVE-2022-29225: Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 secompressors accumulate Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 secompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small highly compressed payload. Maliciously constructed zip files may exhaust syst
nvd
CVE-2021-32781P3HIGHCVSS 7.5≥ 1.16.0, < 1.16.5≥ 1.17.0, < 1.17.4+6 more2021-08-24
CVE-2021-32781 [HIGH] CWE-416 CVE-2021-32781: Envoy is an open source L7 proxy and communication bus designed for large modern service oriented ar Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the internal buffer overflow while request or response is processe
nvd
CVE-2021-32778P3HIGHCVSS 7.5≥ 1.16.0, < 1.16.5≥ 1.17.0, < 1.17.4+6 more2021-08-24
CVE-2021-32778 [HIGH] CWE-834 CVE-2021-32778: Envoy is an open source L7 proxy and communication bus designed for large modern service oriented ar Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy’s procedure for resetting a HTTP/2 stream has O(N^2) complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are susceptible to Denial of Service when Envoy is configured
nvd
CVE-2021-32780P3HIGHCVSS 7.5≥ 1.18.0, < 1.18.4v1.19.0+2 more2021-08-24
CVE-2021-32780 [HIGH] CWE-754 CVE-2021-32780: Envoy is an open source L7 proxy and communication bus designed for large modern service oriented ar Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to DRAINING when it receives a SETTING frame with the SETTINGS
nvd
CVE-2022-29227P3HIGHCVSS 7.5fixed in 1.22.12022-06-09
CVE-2022-29227 [HIGH] CWE-416 CVE-2022-29227: Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if E Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request Envoy sends a local reply when the redirect headers are processed, the down
nvd
CVE-2021-43824P3HIGHCVSS 7.5fixed in 1.18.6≥ 1.19.0, < 1.19.3+5 more2022-02-22
CVE-2021-43824 [HIGH] CWE-476 CVE-2021-43824: Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CONNECT request is sent to JWT filter configured with regex match. This provides a denial of service attack vector. The only workaround is to not use regex in the JWT filter. Users are advised to upgrade.
nvd
CVE-2023-27496P3HIGHCVSS 7.5fixed in 1.22.9≥ 1.23.0, < 1.23.6+5 more2023-04-04
CVE-2023-27496 [HIGH] CWE-20 CVE-2023-27496: Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to vers Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a `state` query param is present on any response that looks like an OAuth redirect response. Sending it a request with the URI path equivalent to the redirect path, without th
nvd
CVE-2024-23325P3HIGHCVSS 7.5≥ 1.26.0, < 1.26.7≥ 1.27.0, < 1.27.3+6 more2024-02-09
CVE-2024-23325 [HIGH] CWE-248 CVE-2024-23325: Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client
nvd
CVE-2024-53270P3HIGHCVSS 7.5fixed in 1.29.12≥ 1.30.0, < 1.30.9+5 more2024-12-18
CVE-2024-53270 [HIGH] CWE-670 CVE-2024-53270: Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverlo Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverloadError` is going to assume the active request exists when `envoy.load_shed_points.http1_server_abort_dispatch` is configured. If `active_request` is nullptr, only onMessageBeginImpl() is called. However, the `onMessageBeginImpl` will directly return ok
nvd
CVE-2024-53269P3HIGHCVSS 7.5≥ 1.30.0, < 1.30.8≥ 1.31.0, < 1.31.4+4 more2024-12-18
CVE-2024-53269 [HIGH] CWE-670 CVE-2024-53269: Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP
nvd
CVE-2024-45810P3HIGHCVSS 7.5fixed in 1.28.7≥ 1.29.0, < 1.29.9+5 more2024-09-20
CVE-2024-45810 [HIGH] CWE-119 CVE-2024-45810: Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http a Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during the `sendLocalReply()` in http async client, one reason is http async client is duplicating the st
nvd
CVE-2025-54588P3HIGHCVSS 7.5≥ 1.34.0, < 1.34.5v1.35.0+2 more2025-09-03
CVE-2025-54588 [HIGH] CWE-416 CVE-2025-54588: Envoy is an open source L7 proxy and communication bus designed for large modern service oriented ar Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Versions 1.34.0 through 1.34.4 and 1.35.0 contain a use-after-free (UAF) vulnerability in the DNS cache, causing abnormal process termination. The vulnerability is in Envoy's Dynamic Forward Proxy implementation, occurring when a completion
nvd
CVE-2019-18838P3HIGHCVSS 7.5≤ 1.12.12019-12-13
CVE-2019-18838 [HIGH] CWE-476 CVE-2019-18838: An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host hea An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent to the client. An encoder filter that invokes route manager APIs that access
nvd
CVE-2022-29228P3HIGHCVSS 7.5fixed in 1.22.12022-06-09
CVE-2022-29228 [HIGH] CWE-617 CVE-2022-29228: Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would t Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecoding() shouldn’t ever be called from filters after a local reply has been
nvd
CVE-2021-43826P3HIGHCVSS 7.5fixed in 1.18.6≥ 1.19.0, < 1.19.3+5 more2022-02-22
CVE-2021-43826 [HIGH] CWE-416 CVE-2021-43826: Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling ` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are ad
nvd
CVE-2024-32974P3HIGHCVSS 7.5fixed in 1.27.6≥ 1.28.0, < 1.28.4+6 more2024-06-04
CVE-2024-32974 [HIGH] CWE-416 CVE-2024-32974: Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServe Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after `StopReading()` being called on the stream. As after `StopReading()`, the HCM's `ActiveStream` might have alrea
nvd
CVE-2024-23327P3HIGHCVSS 7.5≥ 1.26.0, < 1.26.7≥ 1.27.0, < 1.27.3+6 more2024-02-09
CVE-2024-23327 [HIGH] CWE-476 CVE-2024-23327: Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and s Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.
nvd
CVE-2024-23322P3HIGHCVSS 7.5≥ 1.26.0, < 1.26.7≥ 1.27.0, < 1.27.3+6 more2024-02-09
CVE-2024-23322 [HIGH] CWE-416 CVE-2024-23322: Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configur
nvd
Envoyproxy Envoy vulnerabilities | cvebase