{"id":"CVE-2022-21656","summary":"X.509 subjectAltName matching bypass in Envoy","details":"Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation of the default certificate validation routines has a \"type confusion\" bug when processing subjectAltNames. This processing allows, for example, an rfc822Name or uniformResourceIdentifier to be authenticated as a domain name. This confusion allows for the bypassing of nameConstraints, as processed by the underlying OpenSSL/BoringSSL implementation, exposing the possibility of impersonation of arbitrary servers. As a result, Envoy will trust upstream certificates that should not be trusted.","aliases":["BIT-envoy-2022-21656","GHSA-c9g7-xwcv-pjx2"],"modified":"2026-04-11T18:44:55.772243Z","published":"2022-02-22T22:25:11Z","database_specific":{"cwe_ids":["CWE-295"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21656.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21656.json"},{"type":"ADVISORY","url":"https://github.com/envoyproxy/envoy/security/advisories/GHSA-c9g7-xwcv-pjx2"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21656"},{"type":"FIX","url":"https://github.com/envoyproxy/envoy/commit/bb95af848c939cfe5b5ee33c5b1770558077e64e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/envoyproxy/envoy","events":[{"introduced":"0"},{"fixed":"4aaf9593152c6996b9da384c8918e9ad4f0abd4d"}]}],"versions":["v1.0.0","v1.1.0","v1.10.0","v1.11.0","v1.12.0","v1.13.0","v1.14.0","v1.15.0","v1.16.0","v1.17.0","v1.18.0","v1.18.1","v1.18.2","v1.19.0","v1.2.0","v1.20.0","v1.20.1","v1.3.0","v1.4.0","v1.5.0","v1.6.0","v1.7.0","v1.8.0","v1.9.0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T18:44:55Z","source":"https://storage.googleapis.com/cve-osv-conversion/
osv-output/CVE-2022-21656.json","vanir_signatures":[{"source":"https://github.com/envoyproxy/envoy/commit/4aaf9593152c6996b9da384c8918e9ad4f0abd4d","signature_version":"v1","signature_type":"Function","id":"CVE-2022-21656-750e7fbb","deprecated":false,"target":{"function":"ConnPoolImplBase::checkForIdleAndCloseIdleConnsIfDraining","file":"source/common/conn_pool/conn_pool_base.cc"},"digest":{"length":338,"function_hash":"43013079311173114698727080572662162328"}},{"source":"https://github.com/envoyproxy/envoy/commit/4aaf9593152c6996b9da384c8918e9ad4f0abd4d","signature_version":"v1","signature_type":"Line","id":"CVE-2022-21656-75516c6f","deprecated":false,"target":{"file":"source/common/conn_pool/conn_pool_base.h"},"digest":{"threshold":0.9,"line_hashes":["238363169343804913942300291017684487943","281075802092293195505541183629950851527","190309091056183134939303314630437286332","1336839216182560585869212455485126136","91854374677920975889051724337189261314","176073550574850004587196271703191506168","54303611712421497849276770032572170236","89596254872871249889385232134194772639","232868586170569298338666905475474416875","68418232771506422252069681807775341343"]}},{"source":"https://github.com/envoyproxy/envoy/commit/4aaf9593152c6996b9da384c8918e9ad4f0abd4d","signature_version":"v1","signature_type":"Line","id":"CVE-2022-21656-bf50e605","deprecated":false,"target":{"file":"test/integration/cds_integration_test.cc"},"digest":{"threshold":0.9,"line_hashes":["97652407307682118633090827808836069896","202222073443799289957911450767890213833","115564202354952612799820744008677299818","100865938374520508671052066897428637482","266358857140130331037141171435995735386","241277250285489246241581928533925069698","112864798336767260895615422020255373801","326344252156913283305823248376635974319","149501076714298581724217944116072240117","20851967513280832025446682514306651511","101660301215173511645125806388931558046","161983258376373368998625288716073445864","12501315762747766364
8794220335175813129","114297756736507093046297363714182913184","326342629182717535494243166437244508087","129503348076797258550455082149053172774","6063454819406071701935832397149074681","25450544109902264946434894665349483615","14209541420216802153449926603071335280","28083104488430351869423149520385632380","27329837804645812211356628610675816305"]}},{"source":"https://github.com/envoyproxy/envoy/commit/4aaf9593152c6996b9da384c8918e9ad4f0abd4d","signature_version":"v1","signature_type":"Line","id":"CVE-2022-21656-ce5c4e8e","deprecated":false,"target":{"file":"test/config/utility.h"},"digest":{"threshold":0.9,"line_hashes":["150676539833679190158940891882333303963","27409818851555323095073296906901027733","55324179392422643085196396072729602785"]}},{"source":"https://github.com/envoyproxy/envoy/commit/4aaf9593152c6996b9da384c8918e9ad4f0abd4d","signature_version":"v1","signature_type":"Function","id":"CVE-2022-21656-dc8d3820","deprecated":false,"target":{"function":"ConnPoolImplBase::closeIdleConnectionsForDrainingPool","file":"source/common/conn_pool/conn_pool_base.cc"},"digest":{"length":528,"function_hash":"83990222759686494038875668905777786185"}},{"source":"https://github.com/envoyproxy/envoy/commit/4aaf9593152c6996b9da384c8918e9ad4f0abd4d","signature_version":"v1","signature_type":"Line","id":"CVE-2022-21656-f0c98cd4","deprecated":false,"target":{"file":"source/common/conn_pool/conn_pool_base.cc"},"digest":{"threshold":0.9,"line_hashes":["211063805449318930197667500157467379330","238149429280769817104751274898789662521","155508904057016497276277837828561242331","306263256694188145409853147140795887683","24621026682503930056724633583760538450","210759516705868193041331552012792706907","268100365964683135363265243678321089408","116993638250131326183953285211810091083","57246520075670457973995740670893215413","194433285147185661463287816608904302305","245699478661219870215728951569204544048","286440446911758131586479113237388457926","333820725070435764777343039385
45662581","298229981597606534667320296045042459684","173090808602105440099610064642968627733","210942585548006467924962946211585504886","193341038770066763728097793037333651465","340006873902019806079016649741212930377","286206063645562425499514746822691310145","291017590637862723045538078816014658015"]}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}