CVE-2025-62409

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-62409

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62409.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-62409

Aliases

BIT-envoy-2025-62409
GHSA-pq33-4jxh-hgm3

Downstream

openSUSE-SU-2025:15655-1

Related

openSUSE-SU-2025:15655-1

Published

2025-10-16T17:47:25.585Z

Modified

2026-03-23T05:06:08.870194Z

Severity

6.6 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U CVSS Calculator

Summary

Envoy allows large requests and responses to cause TCP connection pool crash

Details

Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy. It will happen when the connection is closing but upstream data is still coming, resulting in a buffer watermark callback nullptr reference. The vulnerability impacts TCP proxy and HTTP 1 & 2 mixed use cases based on ALPN. This vulnerability is fixed in 1.36.1, 1.35.5, 1.34.9, and 1.33.10.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-476"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62409.json"
}

References

Affected packages

Git / github.com/envoyproxy/envoy

Affected ranges

Type

GIT

Repo

https://github.com/envoyproxy/envoy

Events

Introduced

63ee0dc79dce88117c6bd2df5a742f8eb67ea980

Fixed

1dbcf4d36b57c50b3887fda69e991b88eec80dd5

Database specific

{
    "versions": [
        {
            "introduced": "1.36.0"
        },
        {
            "fixed": "1.36.1"
        }
    ]
}

Type

GIT

Repo

https://github.com/envoyproxy/envoy

Events

Introduced

84305a6cb64bd55aaf606bdd53de7cd6080427a1

Fixed

0f0984b04e4879f843a3370ad85163951b393d93

Database specific

{
    "versions": [
        {
            "introduced": "1.35.0"
        },
        {
            "fixed": "1.35.5"
        }
    ]
}

Type

GIT

Repo

https://github.com/envoyproxy/envoy

Events

Introduced

d7809ba2b07fd869d49bfb122b27f6a7977b4d94

Fixed

bae9f08572b88c27ae450e82a258621ef48936c1

Database specific

{
    "versions": [
        {
            "introduced": "1.34.0"
        },
        {
            "fixed": "1.34.9"
        }
    ]
}

Type

GIT

Repo

https://github.com/envoyproxy/envoy

Events

Introduced

Fixed

d3f17ac3a80df123150021146d66df511e87ac32

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.33.10"
        }
    ]
}

Affected versions

v1.*

v1.0.0

v1.1.0

v1.10.0

v1.11.0

v1.12.0

v1.13.0

v1.14.0

v1.15.0

v1.16.0

v1.17.0

v1.18.0

v1.18.1

v1.18.2

v1.19.0

v1.2.0

v1.20.0

v1.21.0

v1.22.0

v1.23.0

v1.24.0

v1.25.0

v1.26.0

v1.27.0

v1.28.0

v1.29.0

v1.3.0

v1.30.0

v1.31.0

v1.32.0

v1.33.0

v1.33.1

v1.33.2

v1.33.3

v1.33.4

v1.33.5

v1.33.6

v1.33.7

v1.33.8

v1.33.9

v1.34.0

v1.34.1

v1.34.2

v1.34.3

v1.34.4

v1.34.5

v1.34.6

v1.34.7

v1.34.8

v1.35.0

v1.35.1

v1.35.2

v1.35.3

v1.35.4

v1.36.0

v1.4.0

v1.5.0

v1.6.0

v1.7.0

v1.8.0

v1.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62409.json"