An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Envoy | Envoyproxy | 1.16.2 (including) | 1.16.2 (including) |
Envoy | Envoyproxy | 1.17.1 (including) | 1.17.1 (including) |