Description

Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy common router will segfault if an internal redirect selects a route configured with direct response or redirect actions. This will result in a denial of service. As a workaround turn off internal redirects if direct response entries are configured on the same listener.

Remediation

References

CVE-2022-21655

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2571)

OpenSSL Improper Certificate Validation Vulnerability (CVE-2023-0465)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6606)

WordPress Plugin 10Web Map Builder for Google Maps SQL Injection (1.0.72)

WordPress Plugin BSDev.at-Importer:Serendipity Cross-Site Scripting (0.0.1)

Severity

High

Classification

CVE-2022-21655 CWE-670 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities