Envoy
CVE-2022-29224
MEDIUM
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” (prevent removal) upstream hosts obtained via service discovery until configured active health checking fails. If an attacker controls an upstream host and also controls service discovery of that host (via DNS, the EDS API, etc.), an attacker can crash Envoy by forcing removal of the host from service discovery, and then failing the gRPC health check request. This will crash Envoy via a null pointer dereference. Users are advised to upgrade to resolve this vulnerability. Users unable to upgrade may disable gRPC health checking and/or replace it with a different health checking type as a mitigation.
AnalysisAI
Envoy is a cloud-native high-performance proxy. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Technical ContextAI
This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” (prevent removal) upstream hosts obtained via service discovery until configured active health checking fails. If an attacker controls an upstream host and also controls service discovery of that host (via DNS, the EDS API, etc.), an attacker can crash Envoy by forcing removal of the host from service discovery, and then failing the gRPC health check request. This will crash Envoy via a null pointer dereference. Users are advised to upgrade to resolve this vulnerability. Users unable to upgrade may disable gRPC health checking and/or replace it with a different health checking type as a mitigation. Affected products include: Envoyproxy Envoy. Version information: prior to 1.22.1.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.
Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.8
An issue was discovered in Envoy 1.12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable,
An issue was discovered in Envoy 1.12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable,
Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.1
Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.1
Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.1
Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Rated
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). R
Envoy's RBAC filter improperly concatenates duplicate HTTP headers into comma-separated strings instead of validating ea
Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability i
Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability i
Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability i
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today