Yan Avlasov

2 exploits Active since Feb 2022
CVE-2022-23606 WRITEUP MEDIUM
Envoy 1.20.0-1.20.1 - Denial of Service via Cluster Deletion Recursion
Envoy is an open source edge and service proxy designed for cloud-native applications. When a cluster is deleted via the Cluster Discovery Service (CDS), all idle connections established to endpoints in that cluster are disconnected. The procedure that disconnects those idle connections was made recursive, so the call depth grows with the number of idle connections in the deleted cluster (one stack frame per connection rather than a bounded loop). With a large enough number of idle connections the recursion exhausts the stack and Envoy terminates abnormally, which is a denial of service against the proxy. Users are advised to upgrade to a fixed release.
CVSS 4.4
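The failure mode above is a recursion whose depth is set by data (the idle connection count) rather than by code. The following C++ model is an added illustration and is not Envoy's code or its patch: `IdleConn`, `DepthMeter` and the two drain routines are hypothetical. It drains the same pool two ways, recording the deepest call nesting reached, so the reader can see that the recursive shape needs N frames for N idle connections while the loop-driven shape stays at depth 1 regardless of pool size.

```cpp
// Added illustration (not Envoy code): draining a pool of idle connections
// recursively versus iteratively, and measuring how deep the call stack gets.
#include <cstddef>
#include <vector>

// Hypothetical connection record: only tracks whether it is still open.
struct IdleConn {
    bool open = true;
};

// Records the deepest nesting of drain frames observed during one run.
struct DepthMeter {
    std::size_t current = 0;
    std::size_t max = 0;
    void enter() { ++current; if (current > max) max = current; }
    void leave() { --current; }
};

// Vulnerable shape: closing one connection fires a "closed" event, and the
// event handler continues the drain by re-entering the routine for the next
// connection before the current frame has returned. Depth == pool size.
static void closeAndContinueRecursive(std::vector<IdleConn>& pool, std::size_t idx, DepthMeter& m) {
    if (idx >= pool.size()) return;
    m.enter();
    pool[idx].open = false;                          // disconnect this idle connection
    closeAndContinueRecursive(pool, idx + 1, m);     // "on closed" handler re-enters drain
    m.leave();
}

// Hardened shape: a loop drives the drain, so each close completes and its
// frame is gone before the next connection is touched. Depth stays at 1.
static void closeAllIterative(std::vector<IdleConn>& pool, DepthMeter& m) {
    for (auto& c : pool) {
        m.enter();
        c.open = false;
        m.leave();
    }
}

static bool allClosed(const std::vector<IdleConn>& pool) {
    for (const auto& c : pool) if (c.open) return false;
    return true;
}

// Returns the maximum stack depth the recursive drain reaches for n idle connections.
std::size_t recursiveDepthFor(std::size_t n) {
    std::vector<IdleConn> pool(n);
    DepthMeter m;
    closeAndContinueRecursive(pool, 0, m);
    return allClosed(pool) ? m.max : static_cast<std::size_t>(-1);
}

// Returns the maximum stack depth the iterative drain reaches for n idle connections.
std::size_t iterativeDepthFor(std::size_t n) {
    std::vector<IdleConn> pool(n);
    DepthMeter m;
    closeAllIterative(pool, m);
    return allClosed(pool) ? m.max : static_cast<std::size_t>(-1);
}
```

With a pool of 10,000 connections the recursive drain nests 10,000 frames deep while the iterative one never exceeds depth 1; scale the recursive variant up to a few hundred thousand entries with a real per-frame footprint and the process dies of stack exhaustion, which is the crash the advisory describes. The check a reviewer wants on any event-driven cleanup path is therefore whether a callback can re-enter the routine that invoked it.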
CVE-2024-23323 WRITEUP MEDIUM
Envoy 1.26.0-1.26.6 - Inefficient CPU Computation via Regex Matcher
Envoy is a high-performance edge/middle/service proxy. A regular expression used by a route matcher is compiled on every request instead of once when the configuration is loaded. When multiple routes are configured with such matchers, ordinary request traffic therefore causes high CPU usage and increased request latency, and a remote client can amplify the effect simply by sending more requests. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 4.3
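To make the per-request compilation cost concrete, the following C++ example is added here and is not Envoy's code: `RouteSpec`, the two router classes and the sample route table are hypothetical, and it uses `std::regex` as a stand-in for the proxy's regex engine. The vulnerable router keeps patterns as text and builds a regex object on every lookup; the hardened router compiles each pattern once when the route table is constructed. A global counter exposes how many compilations a burst of requests triggers in each case.

```cpp
// Added illustration (not Envoy code): regex compiled per request versus
// compiled once at configuration time, with a counter to make the cost visible.
#include <cstddef>
#include <regex>
#include <string>
#include <utility>
#include <vector>

// Hypothetical route entry: a path regex and the cluster it selects.
struct RouteSpec {
    std::string path_regex;
    std::string cluster;
};

// Number of std::regex objects constructed since the last reset.
static std::size_t g_compile_count = 0;

// Vulnerable shape: the pattern is stored as text and compiled on every request.
class PerRequestRegexRouter {
public:
    explicit PerRequestRegexRouter(std::vector<RouteSpec> routes) : routes_(std::move(routes)) {}
    std::string route(const std::string& path) const {
        for (const auto& r : routes_) {
            std::regex re(r.path_regex);   // compiled again for each request and each route
            ++g_compile_count;
            if (std::regex_match(path, re)) return r.cluster;
        }
        return "";
    }
private:
    std::vector<RouteSpec> routes_;
};

// Hardened shape: compile each pattern once while building the route table.
class PrecompiledRegexRouter {
public:
    explicit PrecompiledRegexRouter(const std::vector<RouteSpec>& routes) {
        for (const auto& r : routes) {
            compiled_.push_back({std::regex(r.path_regex), r.cluster});
            ++g_compile_count;             // paid once per route, at load time
        }
    }
    std::string route(const std::string& path) const {
        for (const auto& c : compiled_) {
            if (std::regex_match(path, c.re)) return c.cluster;
        }
        return "";
    }
private:
    struct Compiled { std::regex re; std::string cluster; };
    std::vector<Compiled> compiled_;
};

// Constructed sample route table; not taken from any real Envoy configuration.
std::vector<RouteSpec> sampleRoutes() {
    return {
        {"/api/v[0-9]+/users/[0-9]+", "users"},
        {"/api/v[0-9]+/orders(/.*)?", "orders"},
        {"/static/.*\\.(css|js|png)", "static"},
    };
}

// Sends `requests` lookups for a path that only matches the last route (so every
// route's regex is evaluated) and returns how many regex compilations occurred.
template <typename Router>
static std::size_t compilesFor(std::size_t requests) {
    g_compile_count = 0;
    Router router(sampleRoutes());
    const std::string path = "/static/app.js";
    for (std::size_t i = 0; i < requests; ++i) router.route(path);
    return g_compile_count;
}
std::size_t perRequestCompiles(std::size_t requests) { return compilesFor<PerRequestRegexRouter>(requests); }
std::size_t precompiledCompiles(std::size_t requests) { return compilesFor<PrecompiledRegexRouter>(requests); }

// Routing results are identical for both shapes; only the cost differs.
std::string perRequestRoute(const std::string& path) { return PerRequestRegexRouter(sampleRoutes()).route(path); }
std::string precompiledRoute(const std::string& path) { return PrecompiledRegexRouter(sampleRoutes()).route(path); }
```

For 1,000 requests against three regex routes the vulnerable router performs 3,000 compilations while the precompiled router performs 3, and both return the same cluster for the same path. That is why there is no configuration workaround: the extra work is done on the request path for every matcher of this kind, and only moving compilation to load time (the fix shipped in the patched releases) removes it.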