Description
Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the failure of a websocket handshake will trigger a local reply leading to the crash of Envoy. This vulnerability is fixed in 1.33.1, 1.32.4, 1.31.6, and 1.30.10.
Remediation
References
Related Vulnerabilities
WordPress Plugin MAZ Loader-Preloader Builder for WordPress Cross-Site Request Forgery (1.4.0)
Oracle Database Server CVE-2014-6541 Vulnerability (CVE-2014-6541)
Django Resource Management Errors Vulnerability (CVE-2015-5143)
WordPress Plugin Tracking Code Manager Multiple Vulnerabilities (1.11.1)
WordPress Plugin Search & Replace PHP Object Injection (3.2.2)