Description
Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after `StopReading()` being called on the stream. As after `StopReading()`, the HCM's `ActiveStream` might have already be destroyed and any up calls from QUICHE could potentially cause use after free.
Remediation
References
Related Vulnerabilities
WordPress Plugin Google Analytics Opt-Out Cross-Site Scripting (2.3.4)
Oracle JRE CVE-2012-1541 Vulnerability (CVE-2012-1541)
Oracle HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-22721)
WordPress Plugin Store Locator Plus for WordPress Cross-Site Scripting (5.5.15)
YetiForce CRM Improper Input Validation Vulnerability (CVE-2021-4111)