SB2023040516 - Multiple vulnerabilities in Envoy
Published: April 5, 2023 Updated: April 6, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2023-27496)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when a redirect url without a state param is received in the oauth filter. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
2) Input validation error (CVE-ID: CVE-2023-27487)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficient validation of user-supplied input in the "header x-envoy-original-path". A remote attacker can gain access to sensitive information on the system.
3) Input validation error (CVE-ID: CVE-2023-27491)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficient validation of user-supplied input within the HTTP/2 and HTTP/3 downstream headers. A remote attacker can bypass the security policies.
4) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2023-27492)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists when a large request body is processed in Lua filter. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
5) Input validation error (CVE-ID: CVE-2023-27493)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the affected application does not sanitize or escape request properties when generating request headers. A remote attacker can cause request smuggling and bypass of security policies.
6) Input validation error (CVE-ID: CVE-2023-27488)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input when "failure_mode_allow: true" is configured for ext_authz filter. A remote attacker can pass specially crafted input to the application and gain elevated privileges on the target system.
Remediation
Install update from vendor's website.
References
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5
- https://github.com/envoyproxy/envoy/releases/tag/v1.25.4
- https://github.com/envoyproxy/envoy/releases/tag/v1.24.5
- https://github.com/envoyproxy/envoy/releases/tag/v1.23.7
- https://github.com/envoyproxy/envoy/releases/tag/v1.22.10
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-5375-pq35-hf2g
- https://datatracker.ietf.org/doc/html/rfc9114#section-4.3.1
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp
- https://www.rfc-editor.org/rfc/rfc9110#section-5.6.2
- https://datatracker.ietf.org/doc/html/rfc9113#section-8.3
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-wpc2-2jp6-ppg2
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-9g5w-hqr3-w2ph