{"containers": {"cna": {"affected": [{"product": "envoy", "vendor": "envoyproxy", "versions": [{"status": "affected", "version": "< 1.18.6"}, {"status": "affected", "version": ">= 1.19.0, < 1.19.3"}, {"status": "affected", "version": ">= 1.20.0, < 1.20.2"}, {"status": "affected", "version": ">= 1.21.0, < 1.21.1"}]}], "descriptions": [{"lang": "en", "value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However when the buffer overflows while response is processed by the filter chain the operation may not be aborted correctly and result in accessing a freed memory block. If this happens Envoy will crash resulting in a denial of service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-22T22:45:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136"}], "source": {"advisory": "GHSA-h69p-g6xg-mhhh", "discovery": "UNKNOWN"}, "title": "Use-after-free in Envoy", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-43825", "STATE": "PUBLIC", "TITLE": "Use-after-free in Envoy"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "envoy", "version": {"version_data": [{"version_value": "< 1.18.6"}, {"version_value": ">= 1.19.0, < 1.19.3"}, {"version_value": ">= 1.20.0, < 1.20.2"}, {"version_value": ">= 1.21.0, < 1.21.1"}]}}]}, "vendor_name": "envoyproxy"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However when the buffer overflows while response is processed by the filter chain the operation may not be aborted correctly and result in accessing a freed memory block. If this happens Envoy will crash resulting in a denial of service."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-416: Use After Free"}]}]}, "references": {"reference_data": [{"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh", "refsource": "CONFIRM", "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh"}, {"name": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136", "refsource": "MISC", "url": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136"}]}, "source": {"advisory": "GHSA-h69p-g6xg-mhhh", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:03:08.802Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-43825", "datePublished": "2022-02-22T22:45:12", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-04T04:03:08.802Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EFC93D0-C206-417C-81D0-F18145E3D768", "versionEndExcluding": "1.18.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "2812AC62-44B5-4077-862D-A221CD88981D", "versionEndExcluding": "1.19.3", "versionStartIncluding": "1.19.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5441B2D-F807-4ED9-AFB9-ED4DE07CE5F8", "versionEndExcluding": "1.20.2", "versionStartIncluding": "1.20.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "83895D03-DAD1-4893-8A1C-F9143DEEC172", "versionEndExcluding": "1.21.1", "versionStartIncluding": "1.21.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However when the buffer overflows while response is processed by the filter chain the operation may not be aborted correctly and result in accessing a freed memory block. If this happens Envoy will crash resulting in a denial of service."}, {"lang": "es", "value": "Envoy es un proxy de borde y servicio de c\u00f3digo abierto, dise\u00f1ado para aplicaciones nativas de la nube. El env\u00edo de una respuesta generada localmente debe detener el procesamiento posterior de los datos de petici\u00f3n o respuesta. Envoy realiza un seguimiento de la cantidad de datos de petici\u00f3n y respuesta almacenados en el b\u00fafer y aborta la petici\u00f3n si la cantidad de datos almacenados en el b\u00fafer supera el l\u00edmite enviando 413 o 500 respuestas. Sin embargo, cuando el b\u00fafer es desbordado mientras la respuesta es procesada por la cadena de filtros, es posible que la operaci\u00f3n no sea abortada correctamente y que sea accedido a un bloque de memoria liberado. Si esto ocurre, Envoy ser\u00e1 bloqueado resultando en una denegaci\u00f3n de servicio"}], "id": "CVE-2021-43825", "lastModified": "2022-03-02T18:13:00.923", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-02-22T23:15:10.890", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:1276", "cpe": "cpe:/a:redhat:service_mesh:2.0::el8", "package": "servicemesh-proxy-0:2.0.9-3.el8", "product_name": "OpenShift Service Mesh 2.0", "release_date": "2022-04-07T00:00:00Z"}, {"advisory": "RHSA-2022:1275", "cpe": "cpe:/a:redhat:service_mesh:2.1::el8", "package": "servicemesh-proxy-0:2.1.2-4.el8", "product_name": "OpenShift Service Mesh 2.1", "release_date": "2022-04-07T00:00:00Z"}], "bugzilla": {"description": "envoy: Use-after-free when response filters increase response data", "id": "2050746", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050746"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However when the buffer overflows while response is processed by the filter chain the operation may not be aborted correctly and result in accessing a freed memory block. If this happens Envoy will crash resulting in a denial of service.", "A flaw was found in envoy. If the amount of buffered data by envoy goes over the limit, the buffer may overflow while a response is being processed by the filter chain. This issue possibly causes the operation to abort incorrectly, resulting in the access of a freed memory block."], "name": "CVE-2021-43825", "public_date": "2022-02-22T07:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-43825\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-43825\nhttps://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh"], "threat_severity": "Moderate", "upstream_fix": "envoy 1.18.6, envoy 1.19.3, envoy 1.20.2, envoy 1.21.1"}