Brief Description
On a TLS connection, when a TLS alert is received, Envoy tries to get a textual description of the alert code. For unknown codes, a NULL pointer is dereferenced, resulting in Envoy crashing.
This issue does not apply to 1.15 and earlier because those releases did not use C++17 and used the Abseil version of string_view, absl::string_view. When the project switched to C++17, Abseil internally started using std::string_view, which does not handle nullptr in its constructor. Thus, this issue only applies to versions using C++17.
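The failure mode described above, shown as an added example that is not Envoy's code: the unchecked construction of a std::string_view from a lookup result next to a checked form. `alert_description` is a hypothetical stand-in for the TLS library lookup with a constructed table, and the fallback text "unknown alert" is an assumption.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <string_view>

// Hypothetical stand-in for the TLS library lookup (not Envoy's code).
// Constructed table: a few RFC 8446 alert codes; anything else yields nullptr.
const char* alert_description(std::uint8_t code) {
  switch (code) {
    case 0:  return "close notify";
    case 10: return "unexpected message";
    case 20: return "bad record mac";
    case 40: return "handshake failure";
    case 42: return "bad certificate";
    default: return nullptr;
  }
}

// Unchecked pattern: std::string_view(const char*) measures the string with
// traits::length(), so a nullptr argument is undefined behaviour (typically a
// crash). Only safe for codes present in the table.
std::string_view describe_unchecked(std::uint8_t code) {
  return std::string_view(alert_description(code));
}

// Checked pattern: test the pointer before building the view and substitute
// a fixed fallback (assumed wording) for unknown codes.
std::string_view describe_checked(std::uint8_t code) {
  const char* text = alert_description(code);
  return text != nullptr ? std::string_view(text)
                         : std::string_view("unknown alert");
}

// Builds the log line a connection handler might emit for a received alert.
std::string format_alert_log(std::uint8_t code) {
  std::string line = "TLS alert " + std::to_string(static_cast<unsigned>(code)) + ": ";
  line.append(describe_checked(code));
  return line;
}

int main() {
  // Constructed inputs: two known codes and two codes missing from the table.
  for (unsigned code : {0u, 40u, 99u, 255u}) {
    std::cout << format_alert_log(static_cast<std::uint8_t>(code)) << '\n';
  }
  return 0;
}
```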
Impact
Denial of Service.
Mitigation
None.
References
https://blog.envoyproxy.io
https://github.com/envoyproxy/envoy/releases
Attack vector(s)
Network.