{"id":"CVE-2021-43825","details":"Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However when the buffer overflows while response is processed by the filter chain the operation may not be aborted correctly and result in accessing a freed memory block. If this happens Envoy will crash resulting in a denial of service.","aliases":["BIT-envoy-2021-43825"],"modified":"2026-03-13T22:14:08.112489Z","published":"2022-02-22T23:15:10.890Z","related":["GHSA-h69p-g6xg-mhhh"],"references":[{"type":"REPORT","url":"https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh"},{"type":"FIX","url":"https://github.com/envoyproxy/envoy/commit/148de954ed3585d8b4298b424aa24916d0de6136"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/envoyproxy/envoy","events":[{"introduced":"0"},{"fixed":"a79ca225f1ed924b855dff8a26bd7f7cdb84e694"},{"introduced":"68fe53a889416fd8570506232052b06f5a531541"},{"fixed":"a17cdcdfad24de101e95716b77549ba689824f25"},{"introduced":"96701cb24611b0f3aac1cc0dd8bf8589fbdf8e9e"},{"fixed":"4aaf9593152c6996b9da384c8918e9ad4f0abd4d"},{"introduced":"a9d72603c68da3a10a1c0d021d01c7877e6f2a30"},{"fixed":"af50070ee60866874b0a9383daf9364e884ded22"},{"fixed":"148de954ed3585d8b4298b424aa24916d0de6136"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.18.6"},{"introduced":"1.19.0"},{"fixed":"1.19.3"},{"introduced":"1.20.0"},{"fixed":"1.20.2"},{"introduced":"1.21.0"},{"fixed":"1.21.1"}]}}],"versions":["v1.19.0","v1.19.1","v1.20.0","v1.20.1","v1.21.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43825.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}