An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion.
{
"source": [
"CPE_STRING",
"REFERENCES"
],
"cpe": [
"cpe:2.3:a:envoyproxy:envoy:1.14.6:*:*:*:*:*:*:*",
"cpe:2.3:a:envoyproxy:envoy:1.15.3:*:*:*:*:*:*:*",
"cpe:2.3:a:envoyproxy:envoy:1.16.2:*:*:*:*:*:*:*",
"cpe:2.3:a:envoyproxy:envoy:1.17.1:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "1.14.6"
},
{
"last_affected": "1.14.6"
},
{
"introduced": "1.15.3"
},
{
"last_affected": "1.15.3"
},
{
"introduced": "1.16.2"
},
{
"last_affected": "1.16.2"
},
{
"introduced": "1.17.1"
},
{
"last_affected": "1.17.1"
}
]
}