envoy — Vulnerabilities & Security Advisories 77

All 77 CVE vulnerabilities found in envoy, with AI-generated Chinese analysis, references, and POCs.

Vendor: envoyproxy

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-32975 | Envoy crashes in QuicheDataReader::PeekVarInt62Length() | CWE-191 | 5.9 | Medium | 2024-06-04 |
| CVE-2024-32976 | Envoy can enter an endless loop while decompressing Brotli data with extra input | CWE-835 | 7.5 | High | 2024-06-04 |
| CVE-2024-34362 | Envoy affected by a crash (use-after-free) in EnvoyQuicServerStream | CWE-416 | 5.9 | Medium | 2024-06-04 |
| CVE-2024-34363 | Envoy can crash due to uncaught nlohmann JSON exception | CWE-248 | 7.5 | High | 2024-06-04 |
| CVE-2024-34364 | Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response | CWE-400 | 5.7 | Medium | 2024-06-04 |
| CVE-2024-23326 | Envoy incorrectly accepts HTTP 200 response for entering upgrade mode | CWE-391 | 5.9 | Medium | 2024-06-04 |
| CVE-2024-32475 | Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes | CWE-253 | 7.5 | High | 2024-04-18 |
| CVE-2024-30255 | HTTP/2: CPU exhaustion due to CONTINUATION frame flood | CWE-390 | 5.3 | Medium | 2024-04-04 |
| CVE-2024-27919 | HTTP/2: memory exhaustion due to CONTINUATION frame flood | CWE-390 | 7.5 | High | 2024-04-04 |
| CVE-2024-23322 | Envoy crashes when idle and request per try timeout occur within the backoff interval | CWE-416 | 7.5 | High | 2024-02-09 |
| CVE-2024-23323 | Excessive CPU usage when URI template matcher is configured using regex in Envoy | CWE-400 | 4.3 | Medium | 2024-02-09 |
| CVE-2024-23324 | Envoy ext auth can be bypassed when Proxy protocol filter sets invalid UTF-8 metadata | CWE-20 | 8.6 | High | 2024-02-09 |
| CVE-2024-23325 | Envoy crashes when using an address type that isn’t supported by the OS | CWE-755 | 7.5 | High | 2024-02-09 |
| CVE-2024-23327 | Crash in proxy protocol when command type of LOCAL in Envoy | CWE-476 | 7.5 | High | 2024-02-09 |
| CVE-2023-35944 | Envoy vulnerable to incorrect handling of HTTP requests and responses with mixed case schemes | CWE-20 | 8.2 | High | 2023-07-25 |
| CVE-2023-35943 | Envoy vulnerable to CORS filter segfault when origin header is removed | CWE-416 | 6.3 | Medium | 2023-07-25 |
| CVE-2023-35942 | Envoy's gRPC access log crash caused by the listener draining | CWE-416 | 6.5 | Medium | 2023-07-25 |
| CVE-2023-35941 | Envoy vulnerable to OAuth2 credentials exploit with permanent validity | CWE-116 | 8.6 | High | 2023-07-25 |
| CVE-2023-35945 | Envoy vulnerable to HTTP/2 memory leak in nghttp2 codec | CWE-400 | 7.5 | High | 2023-07-13 |
| CVE-2023-33869 | Enphase Envoy OS Command Injection | CWE-78 | 6.3 | Medium | 2023-06-20 |
| CVE-2023-27496 | Envoy may crash when a redirect url without a state param is received in the oauth filter | CWE-20 | 6.5 | Medium | 2023-04-04 |
| CVE-2023-27493 | Envoy doesn't escape HTTP header values | CWE-20 | 8.1 | High | 2023-04-04 |
| CVE-2023-27492 | Envoy may crash when a large request body is processed in Lua filter | CWE-770 | 4.8 | Medium | 2023-04-04 |
| CVE-2023-27491 | Envoy forwards invalid Http2/Http3 downstream headers | CWE-20 | 5.4 | Medium | 2023-04-04 |
| CVE-2023-27488 | Envoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received. | CWE-20 | 5.4 | Medium | 2023-04-04 |
| CVE-2023-27487 | Envoy client may fake the header `x-envoy-original-path` | CWE-20 | 8.2 | High | 2023-04-04 |
| CVE-2022-29227 | Use after free in Envoy | CWE-416 | 7.5 | High | 2022-06-09 |
| CVE-2022-29226 | Trivial authentication bypass in Envoy | CWE-306 | 10.0 | Critical | 2022-06-09 |
| CVE-2022-29228 | Reachable assertion in Envoy | CWE-617 | 7.5 | High | 2022-06-09 |
| CVE-2022-29225 | Zip bomb vulnerability in Envoy | CWE-400 | 7.5 | High | 2022-06-09 |