CVE-2021-43825
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-43825
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43825.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-43825
- Aliases
- Downstream
- Related
- Published
- 2022-02-22T23:15:10.890Z
- Modified
- 2025-11-20T11:57:28.722350Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However when the buffer overflows while response is processed by the filter chain the operation may not be aborted correctly and result in accessing a freed memory block. If this happens Envoy will crash resulting in a denial of service.
- References
Affected packages
Git / github.com/envoyproxy/envoy
Affected ranges
- Type
- GIT
- Repo
- https://github.com/envoyproxy/envoy
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.0.0
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.18.0
v1.18.1
v1.18.2
v1.19.0
v1.2.0
v1.20.0
v1.21.0
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0
Database specific
vanir_signatures
[
{
"digest": {
"length": 1609.0,
"function_hash": "311275383152118931784984301961199794352"
},
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "ConnectionManagerImpl::doEndStream",
"file": "source/common/http/conn_manager_impl.cc"
},
"source": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136",
"id": "CVE-2021-43825-0a813293",
"signature_type": "Function"
},
{
"digest": {
"length": 3749.0,
"function_hash": "168923569037349337459400675916926209481"
},
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "ConnectionManagerImpl::ActiveStream::encodeHeaders",
"file": "source/common/http/conn_manager_impl.cc"
},
"source": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136",
"id": "CVE-2021-43825-21f7e5ce",
"signature_type": "Function"
},
{
"digest": {
"length": 311.0,
"function_hash": "315532894027945407581370801278592550835"
},
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "FilterManager::maybeEndDecode",
"file": "source/common/http/filter_manager.cc"
},
"source": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136",
"id": "CVE-2021-43825-240400cf",
"signature_type": "Function"
},
{
"digest": {
"length": 63.0,
"function_hash": "97833949759316060733099611660179319905"
},
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "remoteComplete",
"file": "source/common/http/filter_manager.h"
},
"source": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136",
"id": "CVE-2021-43825-6aef66dd",
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"186397651917258797772294565996541473347",
"68918047758628887814851969596077849009",
"259878721034296135000489742308475202567",
"83428145836199727226224128539505869894",
"282485623446623018687962592705810582220",
"45407368377792007335309114367446598361",
"183322861732672934581824186547731237780",
"231878033675116725973461507198017152843",
"205589801302643637649102184334139709236",
"225432527720844868163757606818968780585",
"321005722655747623362238623034832090730",
"336549933460513408083555293590786914395",
"67618496987210944356518979886139582458",
"154508291562220529247438777288137816702",
"232341066113239013082104778507613652942",
"340088901971753172180621979083024012940",
"60372707688995110817879007932124230425",
"114153931525715146597711593185932890215"
],
"threshold": 0.9
},
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "source/common/http/filter_manager.h"
},
"source": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136",
"id": "CVE-2021-43825-72f1da2c",
"signature_type": "Line"
},
{
"digest": {
"length": 445.0,
"function_hash": "230926030186833463017415307976734094308"
},
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "ActiveStreamEncoderFilter::responseDataTooLarge",
"file": "source/common/http/filter_manager.cc"
},
"source": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136",
"id": "CVE-2021-43825-7315cf62",
"signature_type": "Function"
},
{
"digest": {
"length": 118.0,
"function_hash": "277442276636326879712231514311045857557"
},
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "FilterManager::maybeEndEncode",
"file": "source/common/http/filter_manager.cc"
},
"source": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136",
"id": "CVE-2021-43825-9976ca24",
"signature_type": "Function"
},
{
"digest": {
"length": 96.0,
"function_hash": "13534296838354325889420825675334511499"
},
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "ActiveStreamDecoderFilter::complete",
"file": "source/common/http/filter_manager.cc"
},
"source": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136",
"id": "CVE-2021-43825-c4d1f879",
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"238885751634166442128583152396509653157",
"59895298657500378892616105464409500433",
"75935686465706959266350947605764800405",
"83348671870336300150512931881018077314",
"127449658830366102757106907055997446859",
"251554249462285985244750146169139405978",
"205811339510662186701572902052099322589",
"260248050905771498759625208127641365248",
"43383801121743948766663513773847628782",
"265895937746636387586590196395269813037",
"206010788776418643085791317329015215377",
"297794760359623182336828162069968870602",
"189976868399299878028811205707788077295",
"234540401188890199679625417622121693592",
"196202206260082188095901167322821272349",
"328865296436160718661898996353899801848",
"131523479208015020834895338877639996611",
"154594511319165909961864226687292787916",
"268758606425552824554413156467941984578",
"95290844002098362325235949103193378929"
],
"threshold": 0.9
},
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "source/common/http/filter_manager.cc"
},
"source": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136",
"id": "CVE-2021-43825-cd856881",
"signature_type": "Line"
},
{
"digest": {
"line_hashes": [
"137014122581736644941949649634616250058",
"246730229577504284003757685484942479263",
"282484205210322630233033116226006704373"
],
"threshold": 0.9
},
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "test/integration/protocol_integration_test.cc"
},
"source": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136",
"id": "CVE-2021-43825-ee35240c",
"signature_type": "Line"
},
{
"digest": {
"line_hashes": [
"273085263394284494035921510895309665448",
"124523908738177120112220912904419152251",
"337288369654431400042209143084069981649",
"44070580584211718403256814602362107039",
"339007647399422814476594371741677637994",
"335985872020417602386257535780929226077",
"47428719981079971797424761859448303603",
"258098635964361371956759116036371995578",
"89811721389103362861827624025492319646",
"163396947693606109591927718931431256087",
"3765820827189771382792753256451520634",
"15980195575104566215857345805055876877",
"276821680312164275859886540024320584356"
],
"threshold": 0.9
},
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "source/common/http/conn_manager_impl.cc"
},
"source": "https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136",
"id": "CVE-2021-43825-fe4d6373",
"signature_type": "Line"
}
]