漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Crash in proxy protocol when command type of LOCAL in Envoy
Vulnerability Description
Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
空指针解引用
Vulnerability Title
Envoy 代码问题漏洞
Vulnerability Description
Envoy是一款开源的分布式代理服务器。 Envoy 1.29.1之前版本存在代码问题漏洞,该漏洞源于当命令类型为LOCAL时会发生拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A