1.17.1

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

envoyproxy

CWE-476

NVD

Published: 2021-05-20

Updated: 2021-05-27

Summary

An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.

Vulnerable Configurations

Part	Description	Count
Application	Envoyproxy Envoyproxy Envoy 1.16.2 Envoyproxy Envoy 1.17.1	2

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/envoyproxy/envoy/releases
https://github.com/envoyproxy/envoy/security/advisories/GHSA-r22g-5f3x-xjgg
https://blog.envoyproxy.io
https://github.com/envoyproxy/envoy/security/advisories/GHSA-xw4q-6pj2-5gfg