Description
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling <envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config>` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade.
Remediation
References
Related Vulnerabilities
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-3376)
Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-7929)
Oracle Database Server CVE-2012-0528 Vulnerability (CVE-2012-0528)
WordPress Plugin Official MailerLite Sign Up Forms SQL Injection (1.4.3)
Oracle Database Server CVE-2016-5516 Vulnerability (CVE-2016-5516)