Description

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling <envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config>` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade.

Remediation

References

CVE-2021-43826

Related Vulnerabilities

WordPress Plugin YARPP-Yet Another Related Posts Cross-Site Scripting (5.30.2)

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.21)

WordPress Plugin Yoast SEO Information Disclosure (3.2.4)

MongoDb Other Vulnerability (CVE-2020-7929)

Apache Tomcat Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1336)

Severity

High

Classification

CVE-2021-43826 CWE-416 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities