cve-2021-43825
Vulnerability from cvelistv5
Published
2022-02-22 22:45
Modified
2024-08-04 04:03
Summary
Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However when the buffer overflows while response is processed by the filter chain the operation may not be aborted correctly and result in accessing a freed memory block. If this happens Envoy will crash resulting in a denial of service.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:03:08.802Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "envoy",
          "vendor": "envoyproxy",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.18.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.19.0, \u003c 1.19.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.20.0, \u003c 1.20.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.21.0, \u003c 1.21.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However when the buffer overflows while response is processed by the filter chain the operation may not be aborted correctly and result in accessing a freed memory block. If this happens Envoy will crash resulting in a denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-22T22:45:11",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136"
        }
      ],
      "source": {
        "advisory": "GHSA-h69p-g6xg-mhhh",
        "discovery": "UNKNOWN"
      },
      "title": "Use-after-free in Envoy",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-43825",
          "STATE": "PUBLIC",
          "TITLE": "Use-after-free in Envoy"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "envoy",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.18.6"
                          },
                          {
                            "version_value": "\u003e= 1.19.0, \u003c 1.19.3"
                          },
                          {
                            "version_value": "\u003e= 1.20.0, \u003c 1.20.2"
                          },
                          {
                            "version_value": "\u003e= 1.21.0, \u003c 1.21.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "envoyproxy"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However when the buffer overflows while response is processed by the filter chain the operation may not be aborted correctly and result in accessing a freed memory block. If this happens Envoy will crash resulting in a denial of service."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416: Use After Free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh",
              "refsource": "CONFIRM",
              "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh"
            },
            {
              "name": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136",
              "refsource": "MISC",
              "url": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-h69p-g6xg-mhhh",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-43825",
    "datePublished": "2022-02-22T22:45:12",
    "dateReserved": "2021-11-16T00:00:00",
    "dateUpdated": "2024-08-04T04:03:08.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-43825\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-02-22T23:15:10.890\",\"lastModified\":\"2022-03-02T18:13:00.923\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However when the buffer overflows while response is processed by the filter chain the operation may not be aborted correctly and result in accessing a freed memory block. If this happens Envoy will crash resulting in a denial of service.\"},{\"lang\":\"es\",\"value\":\"Envoy es un proxy de borde y servicio de c\u00f3digo abierto, dise\u00f1ado para aplicaciones nativas de la nube. El env\u00edo de una respuesta generada localmente debe detener el procesamiento posterior de los datos de petici\u00f3n o respuesta. Envoy realiza un seguimiento de la cantidad de datos de petici\u00f3n y respuesta almacenados en el b\u00fafer y aborta la petici\u00f3n si la cantidad de datos almacenados en el b\u00fafer supera el l\u00edmite enviando 413 o 500 respuestas. Sin embargo, cuando el b\u00fafer es desbordado mientras la respuesta es procesada por la cadena de filtros, es posible que la operaci\u00f3n no sea abortada correctamente y que sea accedido a un bloque de memoria liberado. Si esto ocurre, Envoy ser\u00e1 bloqueado resultando en una denegaci\u00f3n de servicio\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.18.6\",\"matchCriteriaId\":\"0EFC93D0-C206-417C-81D0-F18145E3D768\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.19.0\",\"versionEndExcluding\":\"1.19.3\",\"matchCriteriaId\":\"2812AC62-44B5-4077-862D-A221CD88981D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.20.0\",\"versionEndExcluding\":\"1.20.2\",\"matchCriteriaId\":\"F5441B2D-F807-4ED9-AFB9-ED4DE07CE5F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.21.0\",\"versionEndExcluding\":\"1.21.1\",\"matchCriteriaId\":\"83895D03-DAD1-4893-8A1C-F9143DEEC172\"}]}]}],\"references\":[{\"url\":\"https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.