Description
Envoy is a high-performance edge/middle/service proxy. When PROXY protocol v2 (PPv2) is enabled on both a listener and the subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References (2)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j
Patch, Third Party Advisory x_refsource_misc
https://github.com/envoyproxy/envoy/commit/63895ea8e3cca9c5d3ab4c5c128ed1369969d54a
Scores
CVSS v3: 7.5
EPSS: 0.0031
EPSS Percentile: 54.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-476
Status: published
Products (1)
envoyproxy/envoy: 1.26.0 - 1.26.7
Published: Feb 09, 2024
Tracked Since: Feb 18, 2026