Description
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an ext_proc server sends a single gRPC message containing multiple, specially crafted ProcessingResponse messages. This can occur when the first response in the batch causes the gRPC stream object to be destroyed, leading to a use-after-free error when Envoy attempts to process subsequent responses in the same gRPC message. This vulnerability is fixed in 1.35.13, 1.36.9, 1.37.5, and 1.38.3.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- envoyproxy / envoy>= 1.38.0, < 1.38.3 – >= 1.38.0, < 1.38.3
- envoyproxy / envoy>= 1.37.0, < 1.37.5 – >= 1.37.0, < 1.37.5
- envoyproxy / envoy>= 1.36.0, < 1.36.9 – >= 1.36.0, < 1.36.9
- envoyproxy / envoy>= 1.34.0, < 1.35.13 – >= 1.34.0, < 1.35.13