Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoys ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filters life time issue. A known situation is the failure of a websocket handshake will trigger a local reply leading to the crash of Envoy. This vulnerability is fixed in 1.33.1, 1.32.4, 1.31.6, and 1.30.10.
The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.