Description

An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.

Remediation

References

CVE-2021-28683

Related Vulnerabilities

ProjectSend Improper Input Validation Vulnerability (CVE-2017-9741)

WordPress Plugin WP DSGVO Tools (GDPR) Security Bypass (3.1.23)

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler Multiple Vulnerabilities (6.9.9)

OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0735)

Apache HTTP Server Other Vulnerability (CVE-1999-1293)

Severity

High

Classification

CVE-2021-28683 CWE-476 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities