cbcvebase.

Envoyproxy Envoy vulnerabilities

110 known vulnerabilities affecting envoyproxy/envoy.

Total CVEs
110
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL11HIGH73MEDIUM25LOW1

Vulnerabilities

Page 4 of 6
CVE-2023-35943P3HIGHCVSS 7.5≥ 1.23.0, < 1.23.12≥ 1.24.0, < 1.24.10+6 more2023-07-25
CVE-2023-35943 [HIGH] CWE-416 CVE-2023-35943: Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to vers Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted between `decodeHeaders`and `encodeHeaders`. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix
nvd
CVE-2026-26310P3HIGHCVSS 7.5fixed in 1.34.13≥ 1.35.0, < 1.35.8+5 more2026-03-10
CVE-2026-26310 [HIGH] CWE-20 CVE-2026-26310: Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, calling Utility::getAddressWithPort with a scoped IPv6 addresses causes a crash. This utility is called in the data plane from the original_src filter and the dns filter. This vulnerability is fixed in 1.37.1, 1.36.5, 1.35.8, and 1.34.13.
nvd
CVE-2025-64527P3MEDIUMCVSS 6.5fixed in 1.33.13≥ 1.34.0, < 1.34.11+6 more2025-12-03
CVE-2025-64527 [MEDIUM] CWE-476 CVE-2025-64527: Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earl Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allow_missing_or_failed is enabled, multiple JWT tokens are present in the request headers and the JWKS fetch fails. This is caused by a re-entry bug in the JwksFe
nvd
CVE-2020-35471P3HIGHCVSS 7.5fixed in 1.16.12020-12-15
CVE-2020-35471 [HIGH] CVE-2020-35471: Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fa Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.
nvd
CVE-2019-18836P3HIGHCVSS 7.5v1.12.02019-11-11
CVE-2019-18836 [HIGH] CWE-835 CVE-2019-18836: Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a singl Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used."
nvd
CVE-2020-12604P3HIGHCVSS 7.5≤ 1.12.4v1.13.2+1 more2020-07-01
CVE-2020-12604 [HIGH] CWE-401 CVE-2020-12604: Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream.
nvd
CVE-2024-32475P3HIGHCVSS 7.5≥ 1.13.0, < 1.27.5≥ 1.28.0, < 1.28.3+6 more2024-04-18
CVE-2024-32475 [HIGH] CWE-253 CVE-2024-32475: Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used wi Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can
nvd
CVE-2024-45807P3HIGHCVSS 7.5≥ 1.31.0, < 1.31.2v>= 1.31.0, < 1.31.22024-09-20
CVE-2024-45807 [HIGH] CWE-670 CVE-2024-45807: Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` a Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the `oghttp2` by default. The impact of this issue is that envoy will crash. This issue has been addressed in release v
nvd
CVE-2025-30157P3HIGHCVSS 7.5fixed in 1.30.10≥ 1.31.0, < 1.31.6+5 more2025-03-21
CVE-2025-30157 [HIGH] CWE-460 CVE-2025-30157: Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the failure of a websocket handshake will trigger a local reply leading to the cr
nvd
CVE-2024-45806P3MEDIUMCVSS 6.5fixed in 1.28.7≥ 1.29.0, < 1.29.9+5 more2024-09-20
CVE-2024-45806 [MEDIUM] CWE-639 CVE-2024-45806: Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envo Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's default configuration of internal trust boundaries, which considers all RFC1
nvd
CVE-2019-15225P3HIGHCVSS 7.5≤ 1.11.12019-08-19
CVE-2019-15225 [HIGH] CVE-2019-15225: In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc+ In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service (memory consumption). This is a related issue to CVE-2019-14993.
nvd
CVE-2021-28682P3HIGHCVSS 7.5v1.14.6v1.15.3+2 more2021-05-20
CVE-2021-28682 [HIGH] CWE-190 CVE-2021-28682: An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable integer overflow in An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations.
nvd
CVE-2020-12603P3HIGHCVSS 7.5≤ 1.12.4v1.13.2+1 more2020-07-01
CVE-2020-12603 [HIGH] CWE-400 CVE-2020-12603: Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxyin Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.
nvd
CVE-2021-43825P3HIGHCVSS 7.5fixed in 1.18.6≥ 1.19.0, < 1.19.3+5 more2022-02-22
CVE-2021-43825 [HIGH] CWE-416 CVE-2021-43825: Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a lo Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. How
nvd
CVE-2024-32976P3HIGHCVSS 7.5≥ 1.18.0, < 1.27.6≥ 1.28.0, < 1.28.4+6 more2024-06-04
CVE-2024-32976 [HIGH] CWE-835 CVE-2024-32976: Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input.
nvd
CVE-2026-47775P3MEDIUMCVSS 6.8≥ 1.35.0, < 1.35.11≥ 1.36.0, < 1.36.7+6 more2026-06-26
CVE-2026-47775 [MEDIUM] CWE-209 CVE-2026-47775: Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35 Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt()/decrypt() functions use AES-256-CBC without an authentication tag (no HMAC, no AEAD). The /callback endpoint returns HTTP 302 on successful decryption and HTTP 401 on padding failure,
nvd
CVE-2021-29258P3HIGHCVSS 7.5v1.14.6v1.15.3+2 more2021-05-20
CVE-2021-29258 [HIGH] CWE-617 CVE-2021-29258: An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, b An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion.
nvd
CVE-2021-28683P3HIGHCVSS 7.5v1.16.2v1.17.12021-05-20
CVE-2021-28683 [HIGH] CWE-476 CVE-2021-28683: An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer derefe An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
nvd
CVE-2020-8663P3HIGHCVSS 7.5≤ 1.12.4≥ 1.13.0, ≤ 1.13.2+1 more2020-07-01
CVE-2020-8663 [HIGH] CWE-400 CVE-2020-8663: Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when acce Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.
nvd
CVE-2023-35945P3HIGHCVSS 7.5fixed in 1.23.11≥ 1.24.0, < 1.24.9+6 more2023-07-13
CVE-2023-35945 [HIGH] CWE-400 CVE-2023-35945: Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping str
nvd
Envoyproxy Envoy vulnerabilities | cvebase