CVE-2021-43825

Published: Feb 22, 2022
Modified: Apr 23, 2025
Status: PUBLISHED

CVSS v3.1 base score: 6.1 (MEDIUM)

Description

Envoy is an open source edge and service proxy designed for cloud-native applications. Sending a locally generated response must stop any further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request when that amount exceeds the configured limit, sending a 413 or 500 response. However, when the buffer overflows while a response is being processed by the filter chain, the operation may not be aborted correctly, and processing can continue against a freed memory block (a use-after-free). If this happens, Envoy crashes, resulting in a denial of service.

Vendor, Product, Versions

Vendor: envoyproxy
Product: envoy
Affected versions:
  < 1.18.6
  >= 1.19.0, < 1.19.3
  >= 1.20.0, < 1.20.2
  >= 1.21.0, < 1.21.1

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: None
Integrity: Low
Availability: Low
