Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-23606— Crash when a cluster is deleted in Envoy

CVSS 4.4 · Medium EPSS 0.10% · P27
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-23606

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Crash when a cluster is deleted in Envoy
Source: NVD (National Vulnerability Database)
Vulnerability Description
Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS) all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle connections that can lead to stack exhaustion and abnormal process termination when a cluster has a large number of idle connections. This infinite recursion causes Envoy to crash. Users are advised to upgrade.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未经控制的递归
Source: NVD (National Vulnerability Database)
Vulnerability Title
Envoy 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Envoy是一款开源的分布式代理服务器。 Envoy 存在安全漏洞,该漏洞源于当通过集群发现服务 (CDS) 删除集群时,与该集群中的端点建立的所有空闲连接都将断开连接。 在断开空闲连接的过程中引入了递归,当集群有大量空闲连接时,可能导致堆栈耗尽和进程异常终止。 这种无限递归导致 Envoy 崩溃。 建议用户升级。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
envoyproxyenvoy >= 1.20.0, < 1.20.2 -

II. Public POCs for CVE-2022-23606

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-23606

登录查看更多情报信息。

Same Patch Batch · envoyproxy · 2022-02-22 · 8 CVEs total

CVE-2021-438267.5 HIGHCrash when tunneling TCP over HTTP in Envoy
CVE-2022-216557.5 HIGHIncorrect handling of internal redirects results in crash in Envoy
CVE-2021-438247.5 HIGHNull pointer dereference in envoy
CVE-2022-216547.4 HIGHIncorrect configuration handling allows TLS session re-use without re-validation in Envoy
CVE-2022-216567.4 HIGHX.509 subjectAltName matching bypass in Envoy
CVE-2022-216576.8 MEDIUMX.509 Extended Key Usage and Trust Purposes bypass in Envoy
CVE-2021-438256.1 MEDIUMUse-after-free in Envoy

IV. Related Vulnerabilities

Same product: envoy
Same vendor: envoyproxy
Same weakness: CWE-674

V. Comments for CVE-2022-23606

No comments yet

Leave a comment