CVE-2021-32781 log

Severity High
Remote Yes
Type Arbitrary code execution
Envoy, as used by Istio before version 1.11.1, contains a remotely exploitable vulnerability that affects Envoy’s decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies. Modifying and increasing the size of the body in an Envoy extension beyond the internal buffer size could lead to Envoy accessing deallocated memory and terminating abnormally.
Group Package Affected Fixed Severity Status Ticket
AVG-2321 istio 1.11.0-1 1.11.1-1 High Fixed