CVE-2025-66220

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-66220
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-66220.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-66220
Aliases
Published
2025-12-03T18:31:50.389Z
Modified
2025-12-07T04:10:01.025506Z
Severity
  • 5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N CVSS Calculator
Summary
Envoy’s TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte
Details

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for matchtypedsubjectaltnames may incorrectly treat certificates containing an embedded null byte (\0) inside an OTHERNAME SAN value as valid matches.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66220.json",
    "cwe_ids": [
        "CWE-170"
    ]
}
References

Affected packages

Git / github.com/envoyproxy/envoy

Affected ranges

Type
GIT
Repo
https://github.com/envoyproxy/envoy
Events
Introduced
63ee0dc79dce88117c6bd2df5a742f8eb67ea980
Last affected
dc2d3098ae5641555f15c71d5bb5ce0060a8015c
Database specific 
{
    "versions": [
        {
            "introduced": "1.36.0"
        },
        {
            "last_affected": "1.36.2"
        }
    ]
}
Type
GIT
Repo
https://github.com/envoyproxy/envoy
Events
Introduced
84305a6cb64bd55aaf606bdd53de7cd6080427a1
Last affected
0d240c4b0f5b5db91ef14b1bf424520144b1a75d
Database specific 
{
    "versions": [
        {
            "introduced": "1.35.0"
        },
        {
            "last_affected": "1.35.6"
        }
    ]
}
Type
GIT
Repo
https://github.com/envoyproxy/envoy
Events
Introduced
d7809ba2b07fd869d49bfb122b27f6a7977b4d94
Last affected
40ab4828a48f05103573ddee3c807dfa0e3e23f7
Database specific 
{
    "versions": [
        {
            "introduced": "1.34.0"
        },
        {
            "last_affected": "1.34.10"
        }
    ]
}
Type
GIT
Repo
https://github.com/envoyproxy/envoy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d602fb5d4af3ef3740621590e59187233398e0c0
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.33.12"
        }
    ]
}

Affected versions

v1.*

v1.0.0
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.18.0
v1.18.1
v1.18.2
v1.19.0
v1.2.0
v1.20.0
v1.21.0
v1.22.0
v1.23.0
v1.24.0
v1.25.0
v1.26.0
v1.27.0
v1.28.0
v1.29.0
v1.3.0
v1.30.0
v1.31.0
v1.32.0
v1.33.0
v1.33.1
v1.33.10
v1.33.11
v1.33.12
v1.33.2
v1.33.3
v1.33.4
v1.33.5
v1.33.6
v1.33.7
v1.33.8
v1.33.9
v1.34.0
v1.34.1
v1.34.10
v1.34.2
v1.34.3
v1.34.4
v1.34.5
v1.34.6
v1.34.7
v1.34.8
v1.34.9
v1.35.0
v1.35.1
v1.35.2
v1.35.3
v1.35.4
v1.35.5
v1.35.6
v1.36.0
v1.36.1
v1.36.2
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0