Description

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling <envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config>` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade.

Remediation

References

CVE-2021-43826

Related Vulnerabilities

WordPress Plugin myCred-Points, Rewards, Gamification, Ranks, Badges & Loyalty SQL Injection (2.2)

Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-7471)

WordPress Plugin Interactive Geo Maps Cross-Site Scripting (1.5.8)

TYPO3 Improper Input Validation Vulnerability (CVE-2013-4250)

WordPress Plugin SocialGrid 'default_services' Parameter Cross-Site Scripting (2.3)

Severity

High

Classification

CVE-2021-43826 CWE-416 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities