Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Crash in proxy protocol when command type of LOCAL in Envoy
Vulnerability Description
Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
空指针解引用
Vulnerability Title
Envoy 代码问题漏洞
Vulnerability Description
Envoy是一款开源的分布式代理服务器。 Envoy 1.29.1之前版本存在代码问题漏洞,该漏洞源于当命令类型为LOCAL时会发生拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A