Vulnerabilities > CVE-2021-28683 - NULL Pointer Dereference vulnerability in Envoyproxy Envoy 1.16.2/1.17.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Common Weakness Enumeration (CWE)
References
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-xw4q-6pj2-5gfg
- https://blog.envoyproxy.io
- https://blog.envoyproxy.io
- https://github.com/envoyproxy/envoy/releases
- https://github.com/envoyproxy/envoy/releases
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-r22g-5f3x-xjgg
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-r22g-5f3x-xjgg