An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion.
References
Link | Resource |
---|---|
https://github.com/envoyproxy/envoy-setec/pull/230 | Broken Link |
https://github.com/envoyproxy/envoy/security/advisories/GHSA-xw4q-6pj2-5gfg | Not Applicable Third Party Advisory |
https://blog.envoyproxy.io | Vendor Advisory |
https://github.com/envoyproxy/envoy/releases/tag/v1.14.0 | Third Party Advisory |
https://github.com/envoyproxy/envoy/security/advisories/GHSA-rqvq-hxw5-776j | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2021-05-20 10:15
Updated : 2021-05-26 18:25
NVD link : CVE-2021-29258
Mitre link : CVE-2021-29258
JSON object : View
CWE
CWE-617
Reachable Assertion
Products Affected
envoyproxy
- envoy