CVE-2022-29224

MEDIUM

Envoy <1.22.1 - Memory Corruption

Title source: llm

Description

Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” (prevent removal) upstream hosts obtained via service discovery until configured active health checking fails. If an attacker controls an upstream host and also controls service discovery of that host (via DNS, the EDS API, etc.), an attacker can crash Envoy by forcing removal of the host from service discovery, and then failing the gRPC health check request. This will crash Envoy via a null pointer dereference. Users are advised to upgrade to resolve this vulnerability. Users unable to upgrade may disable gRPC health checking and/or replace it with a different health checking type as a mitigation.

References (2)

Core 2

Core References

Third Party Advisory x_refsource_confirm

https://github.com/envoyproxy/envoy/security/advisories/GHSA-m4j9-86g3-8f49

Patch x_refsource_misc

https://github.com/envoyproxy/envoy/commit/9b1c3962172a972bc0359398af6daa3790bb59db

View Patch ZIP pw:eip

Scores

CVSS v3 5.9

EPSS 0.0103

EPSS Percentile 77.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (1)

envoyproxy/envoy < 1.22.1

Published Jun 09, 2022

Tracked Since Feb 18, 2026