CVE-2021-43826
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-43826
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-43826.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-43826
- Aliases
- Downstream
- Related
- Published
- 2022-02-22T23:15:10.957Z
- Modified
- 2025-11-14T12:36:22.966176Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:
upstream tunneling <envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config>and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade. - References
Affected packages
Git / github.com/envoyproxy/envoy
Affected ranges
- Type
- GIT
- Repo
- https://github.com/envoyproxy/envoy
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.0.0
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.18.0
v1.18.1
v1.18.2
v1.19.0
v1.2.0
v1.20.0
v1.21.0
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0
Database specific
vanir_signatures
[
{
"source": "https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145",
"id": "CVE-2021-43826-0d15ab6b",
"signature_version": "v1",
"digest": {
"function_hash": "296559161755360112084384558440136934044",
"length": 808.0
},
"target": {
"file": "source/common/tcp_proxy/tcp_proxy.cc",
"function": "Filter::onDownstreamEvent"
},
"deprecated": false,
"signature_type": "Function"
},
{
"source": "https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145",
"id": "CVE-2021-43826-541b9b50",
"signature_version": "v1",
"digest": {
"function_hash": "63191530169222520921233896458439701262",
"length": 711.0
},
"target": {
"file": "source/common/tcp_proxy/tcp_proxy.cc",
"function": "Filter::onUpstreamEvent"
},
"deprecated": false,
"signature_type": "Function"
},
{
"source": "https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145",
"id": "CVE-2021-43826-7c5698d5",
"signature_version": "v1",
"digest": {
"line_hashes": [
"245673340480709380475607110780385137708",
"285494569074532567258474565032572094364",
"121492910522987967398570563042373873103",
"208903825150298770882316003860954195851"
],
"threshold": 0.9
},
"target": {
"file": "source/common/tcp_proxy/tcp_proxy.h"
},
"deprecated": false,
"signature_type": "Line"
},
{
"source": "https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145",
"id": "CVE-2021-43826-aaaa5efa",
"signature_version": "v1",
"digest": {
"line_hashes": [
"146243477446113422387021212725253250778",
"48539946143607539866181123457421037495",
"283468910120726656487263215273247794220",
"32816829629574534818331468211218975208",
"167487698232686579647343259536732486616",
"18932793910309592312745692489877318569",
"190222441294940987692714025372522320194",
"233481120278761949454860284316900076892",
"33182693539138785849824461743826464632",
"238411867963402661331142337279192022640"
],
"threshold": 0.9
},
"target": {
"file": "source/common/tcp_proxy/tcp_proxy.cc"
},
"deprecated": false,
"signature_type": "Line"
},
{
"source": "https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145",
"id": "CVE-2021-43826-d662927a",
"signature_version": "v1",
"digest": {
"line_hashes": [
"222375982320279527150068471158201686244",
"165738277750233846199418982723160704713",
"44051101608002913249948422506083140770"
],
"threshold": 0.9
},
"target": {
"file": "test/integration/tcp_tunneling_integration_test.cc"
},
"deprecated": false,
"signature_type": "Line"
}
]