Envoy — Vulnerabilities & Security Advisories 77

All 77 CVE vulnerabilities found in Envoy, with AI-generated Chinese analysis, references, and POCs.

Vendor: envoyproxy

CVE ID	Title	CVSS	Severity	Published
CVE-2022-29224	Segmentation fault leading to crash in Envoy CWE-476	5.9	Medium	2022-06-09
CVE-2021-43826	Crash when tunneling TCP over HTTP in Envoy CWE-416	7.5	High	2022-02-22
CVE-2021-43825	Use-after-free in Envoy CWE-416	6.1	Medium	2022-02-22
CVE-2022-21655	Incorrect handling of internal redirects results in crash in Envoy CWE-670	7.5	High	2022-02-22
CVE-2022-21654	Incorrect configuration handling allows TLS session re-use without re-validation in Envoy CWE-295	7.4	High	2022-02-22
CVE-2022-21657	X.509 Extended Key Usage and Trust Purposes bypass in Envoy CWE-295	6.8	Medium	2022-02-22
CVE-2022-21656	X.509 subjectAltName matching bypass in Envoy CWE-295	7.4	High	2022-02-22
CVE-2022-23606	Crash when a cluster is deleted in Envoy CWE-674	4.4	Medium	2022-02-22
CVE-2021-43824	Null pointer dereference in envoy CWE-476	7.5	High	2022-02-22
CVE-2021-32780	Incorrect handling of H/2 GOAWAY followed by SETTINGS frames CWE-754	8.6	High	2021-08-24
CVE-2021-32781	Continued processing of requests after locally generated response CWE-416	8.6	High	2021-08-24
CVE-2021-32779	Incorrectly handling of URI '#fragment' element as part of the path element CWE-551	8.6	High	2021-08-24
CVE-2021-32778	Excessive CPU utilization when closing HTTP/2 streams CWE-834	5.8	Medium	2021-08-24
CVE-2021-32777	Incorrect concatenation of multiple value request headers in ext-authz extension CWE-551	8.6	High	2021-08-24
CVE-2021-29492	Bypass of path matching rules using escaped slash characters CWE-22	8.1	High	2021-05-28
CVE-2021-21378	JWT authentication bypass with unknown issuer token CWE-287	8.2	High	2021-03-11
CVE-2020-15104	TLS Validation Vulnerability in Envoy CWE-346	4.6	Medium	2020-07-14

All 77 known CVE vulnerabilities affecting Envoy with full Chinese analysis, references, and POCs where available.