CVE-2021-28683

CVSS v3.1 7.5 (High)

CVSS v2.0 5 (Medium)

EPSS 0.17 % (54^th)

Affected Products 1

Advisories 4

An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.

Weaknesses

CWE-476: NULL Pointer Dereference

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2021-05-20 17:15:07
(3 years ago)
Updated Date: 2021-05-27 15:19:53
(3 years ago)

Affected Products

Envoyproxy

Envoy

Configuration #1

		CPE23	From	Up To
	Envoyproxy Envoy 1.16.2	cpe:2.3:a:envoyproxy:envoy:1.16.2
	Envoyproxy Envoy 1.17.1	cpe:2.3:a:envoyproxy:envoy:1.17.1