cbcvebase.

Envoyproxy Envoy vulnerabilities

110 known vulnerabilities affecting envoyproxy/envoy.

Total CVEs
110
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL11HIGH73MEDIUM25LOW1

Vulnerabilities

Page 5 of 6
CVE-2024-32975P3HIGHCVSS 7.5fixed in 1.27.6≥ 1.28.0, < 1.28.4+6 more2024-06-04
CVE-2024-32975 [HIGH] CWE-191 CVE-2024-32975: Envoy is a cloud-native, open source edge and service proxy. There is a crash at `QuicheDataReader:: Envoy is a cloud-native, open source edge and service proxy. There is a crash at `QuicheDataReader::PeekVarInt62Length()`. It is caused by integer underflow in the `QuicStreamSequencerBuffer::PeekRegion()` implementation.
nvd
CVE-2024-34363P3HIGHCVSS 7.5≥ 1.28.0, < 1.28.4≥ 1.29.0, < 1.29.5+4 more2024-06-04
CVE-2024-34363 [HIGH] CWE-248 CVE-2024-34363: Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann J Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash.
nvd
CVE-2025-66220P3HIGHCVSS 7.1fixed in 1.33.13≥ 1.34.0, < 1.34.11+6 more2025-12-03
CVE-2025-66220 [HIGH] CWE-170 CVE-2025-66220: Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earl Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte (\0) inside an OTHERNAME SAN value as valid matches.
nvd
CVE-2026-47207P3MEDIUMCVSS 6.5≥ 1.34.0, < 1.35.13≥ 1.36.0, < 1.36.9+6 more2026-06-26
CVE-2026-47207 [MEDIUM] CWE-416 CVE-2026-47207: Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 u Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an ext_proc server sends a single gRPC message containing multiple, specially crafted ProcessingResponse messages. This can occur when the first response in the batch causes the gRPC stream ob
nvd
CVE-2024-45808P3MEDIUMCVSS 6.5fixed in 1.28.7≥ 1.29.0, < 1.29.9+5 more2024-09-20
CVE-2024-45808 [MEDIUM] CWE-117 CVE-2024-45808: Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identif Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers. This issue has been addressed in versions 1.31.
nvd
CVE-2020-12605P3HIGHCVSS 7.5≤ 1.12.4v1.13.2+1 more2020-07-01
CVE-2020-12605 [HIGH] CWE-770 CVE-2020-12605: Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when process Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs.
nvd
CVE-2020-25018P3HIGHCVSS 7.5≥ 2d69e30, < 3b5acb22020-10-01
CVE-2020-25018 [HIGH] CVE-2020-25018: Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicali Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization.
nvd
CVE-2022-21655P3HIGHCVSS 7.5fixed in 1.18.6≥ 1.19.0, < 1.19.3+5 more2022-02-22
CVE-2022-21655 [HIGH] CWE-670 CVE-2022-21655: Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy co Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy common router will segfault if an internal redirect selects a route configured with direct response or redirect actions. This will result in a denial of service. As a workaround turn off internal redirects if direct response entries are configured on the
nvd
CVE-2023-35942P3MEDIUMCVSS 6.5≥ 1.23.0, < 1.23.12≥ 1.24.0, < 1.24.10+6 more2023-07-25
CVE-2023-35942 [MEDIUM] CWE-416 CVE-2023-35942: Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to vers Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a `use-after-free` crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a
nvd
CVE-2026-48090P3MEDIUMCVSS 5.9≥ 1.37.0, < 1.37.5≥ 1.38.0, < 1.38.3+2 more2026-06-26
CVE-2026-48090 [MEDIUM] CWE-416 CVE-2026-48090: Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 u Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter (envoy.filters.http.oauth2) can leave an in-flight async token exchange attached to a downstream stream that has already been torn down. A late AsyncClient completion can still invoke OAuth2Filter methods
nvd
CVE-2023-27492P4MEDIUMCVSS 6.5fixed in 1.22.9≥ 1.23.0, < 1.23.6+5 more2023-04-04
CVE-2023-27492 [MEDIUM] CWE-770 CVE-2023-27492: Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to vers Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled and trigger crashes. As of versions versions 1.26.0, 1.25.3, 1.24.4, 1
nvd
CVE-2022-21657P4MEDIUMCVSS 6.5fixed in 1.18.6≥ 1.19.0, < 1.19.3+3 more2022-02-22
CVE-2022-21657 [MEDIUM] CWE-295 CVE-2022-21657: Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage (id-kp-serverAuth and id-kp-clientAuth, respectively). Thi
nvd
CVE-2026-47205P4MEDIUMCVSS 5.9≥ 1.36.0, < 1.36.9≥ 1.37.0, < 1.37.5+4 more2026-06-26
CVE-2026-47205 [MEDIUM] CWE-416 CVE-2026-47205: Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 u Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) vulnerability leading to a sudden segmentation fault exists in Envoy's ext_authz HTTP filter when processing per-route authorization overrides concurrently with rapid downstream client disconnect
nvd
CVE-2024-53271P4HIGHCVSS 7.1≥ 1.31.0, < 1.31.5≥ 1.32.0, ≤ 1.32.3+2 more2024-12-18
CVE-2024-53271 [HIGH] CWE-670 CVE-2024-53271: Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to upgrade. There are no known workarounds for this issue.
nvd
CVE-2022-21656P4MEDIUMCVSS 5.9fixed in 1.20.22022-02-22
CVE-2022-21656 [MEDIUM] CWE-295 CVE-2022-21656: Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_ Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Name or uniformResourceIndicator to be authenticated as
nvd
CVE-2026-26311P4MEDIUMCVSS 5.9fixed in 1.34.13≥ 1.35.0, < 1.35.8+5 more2026-03-10
CVE-2026-26311 [MEDIUM] CWE-416 CVE-2026-26311: Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, a logic vulnerability in Envoy's HTTP connection manager (FilterManager) that allows for Zombie Stream Filter Execution. This issue creates a "Use-After-Free" (UAF) or state-corruption window where filter callbacks are invoked on an HTTP stream that
nvd
CVE-2022-23606P4MEDIUMCVSS 6.5≥ 1.20.0, < 1.20.2v1.21.0+2 more2022-02-22
CVE-2022-23606 [MEDIUM] CWE-674 CVE-2022-23606: Envoy is an open source edge and service proxy, designed for cloud-native applications. When a clust Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS) all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle connections that can lead to stack exhaustion and abnor
nvd
CVE-2024-34364P4MEDIUMCVSS 6.5fixed in 1.27.6≥ 1.28.0, < 1.28.4+6 more2024-06-04
CVE-2024-34364 [MEDIUM] CWE-400 CVE-2024-34364: Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) ve Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer.
nvd
CVE-2025-64763P4MEDIUMCVSS 5.3fixed in 1.33.13≥ 1.34.0, < 1.34.11+6 more2025-12-03
CVE-2025-64763 [MEDIUM] CWE-693 CVE-2025-64763: Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earl Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP proxy mode to handle CONNECT requests, it accepts client data before issuing a 2xx response and forwards that data to the upstream TCP connection. If a forwarding proxy upstream from Envoy then responds with a non-
nvd
CVE-2024-34362P4MEDIUMCVSS 5.9fixed in 1.27.6≥ 1.28.0, < 1.28.4+6 more2024-06-04
CVE-2024-34362 [MEDIUM] CWE-416 CVE-2024-34362: Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in `HttpConne Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in `HttpConnectionManager` (HCM) with `EnvoyQuicServerStream` that can crash Envoy. An attacker can exploit this vulnerability by sending a request without `FIN`, then a `RESET_STREAM` frame, and then after receiving the response, closing the connection.
nvd
Envoyproxy Envoy vulnerabilities | cvebase