Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-43826
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Crash when tunneling TCP over HTTP in Envoy
Source: NVD (National Vulnerability Database)
Vulnerability Description
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling <envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config>` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
释放后使用
Source: NVD (National Vulnerability Database)
Vulnerability Title
Envoy 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Envoy是一款开源的分布式代理服务器。 Envoy 存在资源管理错误漏洞,该漏洞源于当为上游隧道配置envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config时发生崩溃,并且下游连接断开,而上游连接或 http/2 流仍然存在。 没有解决此问题的方法。 建议用户升级。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
envoyproxyenvoy < 1.18.6 -
II. Public POCs for CVE-2021-43826
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2021-43826
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: envoy
Same vendor: envoyproxy
Same weakness: CWE-416
V. Comments for CVE-2021-43826

No comments yet

Leave a comment