CVE-2021-29258

Name: CVE-2021-29258

Description: An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion.

NVD Severity: medium

References

| Type | URI |
|---|---|
| MISC | https://github.com/envoyproxy/envoy-setec/pull/230 |
| MISC | https://github.com/envoyproxy/envoy/security/advisories/GHSA-xw4q-6pj2-5gfg |
| MISC | https://blog.envoyproxy.io |
| MISC | https://github.com/envoyproxy/envoy/releases/tag/v1.14.0 |
| Third Party Advisory | https://github.com/envoyproxy/envoy/security/advisories/GHSA-rqvq-hxw5-776j |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:envoyproxy:envoy:1.14.6:*:*:*:*:*:*:* | envoy | == None | == 1.14.6 |
| cpe:2.3:a:envoyproxy:envoy:1.15.3:*:*:*:*:*:*:* | envoy | == None | == 1.15.3 |
| cpe:2.3:a:envoyproxy:envoy:1.16.2:*:*:*:*:*:*:* | envoy | == None | == 1.16.2 |
| cpe:2.3:a:envoyproxy:envoy:1.17.1:*:*:*:*:*:*:* | envoy | == None | == 1.17.1 |

Vulnerable and fixed packages

Source package Branch Version Maintainer Status