Description
Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in `HttpConnectionManager` (HCM) with `EnvoyQuicServerStream` that can crash Envoy. An attacker can exploit this vulnerability by sending a request without `FIN`, then a `RESET_STREAM` frame, and then after receiving the response, closing the connection.
Remediation
References
Related Vulnerabilities
WordPress Plugin Fusion:Extension-Map Multiple Unspecified Vulnerabilities (1.0.3)
Oracle Database Server CVE-2006-0287 Vulnerability (CVE-2006-0287)
WordPress Plugin Theme Test Drive Multiple Vulnerabilities (2.9)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1860)
WordPress Plugin Acurax On Click Pop Under Multiple Unspecified Vulnerabilities (2.2.1)