
CVE-2022-21655 : What You Need to Know

Understand the impact and technical details of CVE-2022-21655, a denial-of-service vulnerability in the Envoy common router that affects releases before 1.18.6 as well as the early 1.19, 1.20 and 1.21 releases listed under "Affected Systems and Versions" below, and learn about mitigation and prevention strategies.

Envoy is an open-source edge and service proxy; the flaw sits in its common router, which crashes when an internal redirect lands on a route that does not forward to a cluster.

Understanding CVE-2022-21655

This CVE involves incorrect handling of internal redirects in Envoy, leading to a crash.

What is CVE-2022-21655?

Envoy, a cloud-native application proxy, crashes (a denial of service) when an internal redirect selects a route that is configured with a direct response or redirect action instead of an upstream cluster.

The Impact of CVE-2022-21655

The vulnerability causes a denial of service: the proxy process segfaults when an internal redirect selects one of these routes, so a single affected request takes down the whole Envoy instance and every connection it is serving.

Technical Details of CVE-2022-21655

Here are the technical aspects of the vulnerability in Envoy.

Vulnerability Description

The Envoy common router segfaults if an internal redirect selects a route configured with direct response or redirect actions.

Affected Systems and Versions

Envoy versions < 1.18.6
Envoy versions >= 1.19.0, < 1.19.3
Envoy versions >= 1.20.0, < 1.20.2
Envoy versions >= 1.21.0, < 1.21.1

Exploitation Mechanism

The crash is reached when Envoy follows an internal redirect and the redirected request matches a route whose action is a direct response or a redirect rather than a cluster; the common router then segfaults. The dangerous combination is therefore an internal redirect policy and a direct response or redirect route on the same listener.

As a workaround, turning off internal redirects is advised if direct response entries are configured on the same listener.
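The two operational checks this advisory implies, written out as an added example (this is not code from the Envoy project or from the advisory): first, whether a given Envoy release falls inside one of the affected ranges listed above; second, whether a static bootstrap combines a route that enables `internal_redirect_policy` with a `direct_response` or `redirect` route on the same listener, which is the configuration the workaround tells you to avoid. The bootstrap is a constructed JSON sample; field names (`static_resources`, `filter_chains`, `route_config`, `virtual_hosts`, `internal_redirect_policy`, `direct_response`, `redirect`) are the Envoy v3 API names, but only inline `route_config` blocks are inspected, so routes delivered over RDS would need a separate check against the RDS source.

```python
"""Audit helpers for CVE-2022-21655 (Envoy internal redirect segfault)."""
import copy
import json
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges from the advisory as [lower, upper); lower=None means "every earlier release".
AFFECTED_RANGES: List[Tuple[Optional[Version], Version]] = [
    (None, (1, 18, 6)),
    ((1, 19, 0), (1, 19, 3)),
    ((1, 20, 0), (1, 20, 2)),
    ((1, 21, 0), (1, 21, 1)),
]

HCM_FILTER = "envoy.filters.network.http_connection_manager"


def parse_version(text: str) -> Version:
    """Turn 'v1.20.1' or '1.20.1-dev' into a comparable (major, minor, patch) tuple."""
    core = text.strip().lstrip("v").split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:          # tolerate '1.20' style version strings
        parts.append(0)
    return parts[0], parts[1], parts[2]


def is_affected(version: str) -> bool:
    """True if the release lies in any affected range from the advisory."""
    v = parse_version(version)
    return any((lower is None or v >= lower) and v < upper for lower, upper in AFFECTED_RANGES)


def _http_routes(listener: Dict) -> List[Dict]:
    """Collect route dicts from inline route_config blocks of HCM filters on one listener."""
    routes: List[Dict] = []
    for chain in listener.get("filter_chains", []):
        for flt in chain.get("filters", []):
            if flt.get("name") != HCM_FILTER:
                continue
            route_config = flt.get("typed_config", {}).get("route_config", {})
            for vhost in route_config.get("virtual_hosts", []):
                routes.extend(vhost.get("routes", []))
    return routes


def find_risky_listeners(bootstrap: Dict) -> List[Dict]:
    """Report listeners where internal redirects and direct_response/redirect routes coexist."""
    findings = []
    for listener in bootstrap.get("static_resources", {}).get("listeners", []):
        routes = _http_routes(listener)
        redirecting = [i for i, r in enumerate(routes) if "internal_redirect_policy" in r.get("route", {})]
        terminal = [i for i, r in enumerate(routes) if "direct_response" in r or "redirect" in r]
        if redirecting and terminal:
            findings.append({"listener": listener.get("name", "<unnamed>"),
                             "internal_redirect_routes": redirecting,
                             "direct_response_or_redirect_routes": terminal})
    return findings


def disable_internal_redirects(bootstrap: Dict) -> Dict:
    """Apply the advisory's workaround: return a copy with every internal_redirect_policy removed."""
    fixed = copy.deepcopy(bootstrap)
    for listener in fixed.get("static_resources", {}).get("listeners", []):
        for r in _http_routes(listener):  # dicts are references into `fixed`, so pop() edits the copy
            r.get("route", {}).pop("internal_redirect_policy", None)
    return fixed


# Constructed sample bootstrap (not a real deployment): listener_0 has the risky mix,
# listener_1 has a direct_response route but never follows internal redirects.
SAMPLE_BOOTSTRAP: Dict = json.loads("""
{"static_resources": {"listeners": [
  {"name": "listener_0", "filter_chains": [{"filters": [{"name": "%(hcm)s", "typed_config": {
     "route_config": {"virtual_hosts": [{"name": "app", "domains": ["*"], "routes": [
       {"match": {"prefix": "/"}, "route": {"cluster": "svc", "internal_redirect_policy": {"max_internal_redirects": 3}}},
       {"match": {"prefix": "/health"}, "direct_response": {"status": 200, "body": {"inline_string": "ok"}}},
       {"match": {"prefix": "/old"}, "redirect": {"path_redirect": "/"}}]}]}}}]}]},
  {"name": "listener_1", "filter_chains": [{"filters": [{"name": "%(hcm)s", "typed_config": {
     "route_config": {"virtual_hosts": [{"name": "admin", "domains": ["*"], "routes": [
       {"match": {"prefix": "/"}, "route": {"cluster": "admin"}},
       {"match": {"prefix": "/ping"}, "direct_response": {"status": 200}}]}]}}}]}]}
]}}
""" % {"hcm": HCM_FILTER})

if __name__ == "__main__":
    for ver in ("1.18.5", "1.18.6", "1.20.1", "1.21.1"):
        print(ver, "affected" if is_affected(ver) else "fixed")
    print(json.dumps(find_risky_listeners(SAMPLE_BOOTSTRAP), indent=2))
    print(find_risky_listeners(disable_internal_redirects(SAMPLE_BOOTSTRAP)))
```

Run against a real bootstrap by replacing `SAMPLE_BOOTSTRAP` with `json.load()` of the config file (Envoy accepts JSON, and YAML bootstraps convert losslessly). A non-empty finding on an affected version means either upgrade or drop the `internal_redirect_policy` on that listener; on a patched version the finding is informational only.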

Mitigation and Prevention

Understanding how to mitigate and prevent CVE-2022-21655 is crucial for maintaining system security.

Immediate Steps to Take

Evaluate affected versions, apply patches, and follow recommended workaround strategies to prevent exploitation.

Long-Term Security Practices

Regularly update Envoy to patched versions and monitor security advisories for any new vulnerabilities.

Patching and Updates

Apply patches provided by Envoyproxy and stay informed about security updates to avoid potential exploitation.
