envoyproxy — Vulnerabilities & Security Advisories 73

Browse all 73 CVE security advisories affecting envoyproxy. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by envoyproxy: envoygateway

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-34363 | Envoy can crash due to uncaught nlohmann JSON exception | envoy | CWE-248 | 7.5 | High | 2024-06-04 |
| CVE-2024-34364 | Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response | envoy | CWE-400 | 5.7 | Medium | 2024-06-04 |
| CVE-2024-23326 | Envoy incorrectly accepts HTTP 200 response for entering upgrade mode | envoy | CWE-391 | 5.9 | Medium | 2024-06-04 |
| CVE-2024-32475 | Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes | envoy | CWE-253 | 7.5 | High | 2024-04-18 |
| CVE-2024-30255 | HTTP/2: CPU exhaustion due to CONTINUATION frame flood | envoy | CWE-390 | 5.3 | Medium | 2024-04-04 |
| CVE-2024-27919 | HTTP/2: memory exhaustion due to CONTINUATION frame flood | envoy | CWE-390 | 7.5 | High | 2024-04-04 |
| CVE-2024-23322 | Envoy crashes when idle and request per try timeout occur within the backoff interval | envoy | CWE-416 | 7.5 | High | 2024-02-09 |
| CVE-2024-23323 | Excessive CPU usage when URI template matcher is configured using regex in Envoy | envoy | CWE-400 | 4.3 | Medium | 2024-02-09 |
| CVE-2024-23324 | Envoy ext auth can be bypassed when Proxy protocol filter sets invalid UTF-8 metadata | envoy | CWE-20 | 8.6 | High | 2024-02-09 |
| CVE-2024-23325 | Envoy crashes when using an address type that isn’t supported by the OS | envoy | CWE-755 | 7.5 | High | 2024-02-09 |
| CVE-2024-23327 | Crash in proxy protocol when command type of LOCAL in Envoy | envoy | CWE-476 | 7.5 | High | 2024-02-09 |
| CVE-2023-35944 | Envoy vulnerable to incorrect handling of HTTP requests and responses with mixed case schemes | envoy | CWE-20 | 8.2 | High | 2023-07-25 |
| CVE-2023-35943 | Envoy vulnerable to CORS filter segfault when origin header is removed | envoy | CWE-416 | 6.3 | Medium | 2023-07-25 |
| CVE-2023-35942 | Envoy's gRPC access log crash caused by the listener draining | envoy | CWE-416 | 6.5 | Medium | 2023-07-25 |
| CVE-2023-35941 | Envoy vulnerable to OAuth2 credentials exploit with permanent validity | envoy | CWE-116 | 8.6 | High | 2023-07-25 |
| CVE-2023-35945 | Envoy vulnerable to HTTP/2 memory leak in nghttp2 codec | envoy | CWE-400 | 7.5 | High | 2023-07-13 |
| CVE-2023-27496 | Envoy may crash when a redirect url without a state param is received in the oauth filter | envoy | CWE-20 | 6.5 | Medium | 2023-04-04 |
| CVE-2023-27493 | Envoy doesn't escape HTTP header values | envoy | CWE-20 | 8.1 | High | 2023-04-04 |
| CVE-2023-27492 | Envoy may crash when a large request body is processed in Lua filter | envoy | CWE-770 | 4.8 | Medium | 2023-04-04 |
| CVE-2023-27491 | Envoy forwards invalid Http2/Http3 downstream headers | envoy | CWE-20 | 5.4 | Medium | 2023-04-04 |
| CVE-2023-27488 | Envoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received. | envoy | CWE-20 | 5.4 | Medium | 2023-04-04 |
| CVE-2023-27487 | Envoy client may fake the header `x-envoy-original-path` | envoy | CWE-20 | 8.2 | High | 2023-04-04 |
| CVE-2022-29227 | Use after free in Envoy | envoy | CWE-416 | 7.5 | High | 2022-06-09 |
| CVE-2022-29226 | Trivial authentication bypass in Envoy | envoy | CWE-306 | 10.0 | Critical | 2022-06-09 |
| CVE-2022-29228 | Reachable assertion in Envoy | envoy | CWE-617 | 7.5 | High | 2022-06-09 |
| CVE-2022-29225 | Zip bomb vulnerability in Envoy | envoy | CWE-400 | 7.5 | High | 2022-06-09 |
| CVE-2022-29224 | Segmentation fault leading to crash in Envoy | envoy | CWE-476 | 5.9 | Medium | 2022-06-09 |
| CVE-2021-43826 | Crash when tunneling TCP over HTTP in Envoy | envoy | CWE-416 | 7.5 | High | 2022-02-22 |
| CVE-2021-43825 | Use-after-free in Envoy | envoy | CWE-416 | 6.1 | Medium | 2022-02-22 |
| CVE-2022-21655 | Incorrect handling of internal redirects results in crash in Envoy | envoy | CWE-670 | 7.5 | High | 2022-02-22 |

This page lists every published CVE security advisory associated with envoyproxy. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.