An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
{ "cpes": [ "cpe:2.3:a:envoyproxy:envoy:1.16.2:*:*:*:*:*:*:*", "cpe:2.3:a:envoyproxy:envoy:1.17.1:*:*:*:*:*:*:*", "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*" ], "severity": "High" }