CVE-2021-28683

Name: CVE-2021-28683
Description: An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
NVD Severity: medium

References

Type | URI
MISC | https://github.com/envoyproxy/envoy/releases
MISC | https://github.com/envoyproxy/envoy/security/advisories/GHSA-r22g-5f3x-xjgg
MISC | https://blog.envoyproxy.io
Third Party Advisory | https://github.com/envoyproxy/envoy/security/advisories/GHSA-xw4q-6pj2-5gfg

Match rules

CPE URI | Source package | Min version | Max version
cpe:2.3:a:envoyproxy:envoy:1.16.2:*:*:*:*:*:*:* | envoy | == None | == 1.16.2
cpe:2.3:a:envoyproxy:envoy:1.17.1:*:*:*:*:*:*:* | envoy | == None | == 1.17.1

Vulnerable and fixed packages

Source package | Branch | Version | Maintainer | Status