{"id":"CVE-2023-27491","summary":"Envoy forwards invalid Http2/Http3 downstream headers","details":"Envoy is an open source edge and service proxy designed for cloud-native applications. A compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, there is a possibility that a non-compliant HTTP/1 service may allow malformed requests, potentially leading to a bypass of security policies. This issue is fixed in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9.","aliases":["BIT-envoy-2023-27491","GHSA-5jmv-cw9p-f9rp"],"modified":"2026-04-10T04:56:42.374460Z","published":"2023-04-04T18:18:23.433Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/27xxx/CVE-2023-27491.json","cwe_ids":["CWE-20"],"cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://datatracker.ietf.org/doc/html/rfc9113#section-8.3"},{"type":"WEB","url":"https://datatracker.ietf.org/doc/html/rfc9114#section-4.3.1"},{"type":"WEB","url":"https://www.rfc-editor.org/rfc/rfc9110#section-5.6.2"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/27xxx/CVE-2023-27491.json"},{"type":"ADVISORY","url":"https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27491"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/envoyproxy/envoy","events":[{"introduced":"9184b84cd0dcb3a6c57eb44b177d91c70e1a0901"},{"fixed":"e99d61c4596573fbea8b8a9def8b160e138a4018"}],"database_specific":{"versions":[{"introduced":"1.25.0"},{"fixed":"1.25.3"}]}},{"type":"GIT","repo":"https://github.com/envoyproxy/envoy","events":[{"introduced":"15baf56003f33a07e0ab44f82f75a660040db438"},{"fixed":"d3d04156c3b05f8b4532d44e602fdd1b430c64bb"}],"database_specific":{"versions":[{"introduced":"1.24.0"},{"fixed":"1.24.4"}]}},{"type":"GIT","repo":"https://github.com/envoyproxy/envoy","ev
ents":[{"introduced":"ce49c7f65668a22b80d1e83c35d170741bb8d46a"},{"fixed":"b2064ed660934383cece8c8d60393d5b0720ae4d"}],"database_specific":{"versions":[{"introduced":"1.23.0"},{"fixed":"1.23.6"}]}},{"type":"GIT","repo":"https://github.com/envoyproxy/envoy","events":[{"introduced":"0"},{"fixed":"6392d12242234948b15a0fecee629f9cf8b76cee"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.22.9"}]}}],"versions":["v1.0.0","v1.1.0","v1.10.0","v1.11.0","v1.12.0","v1.13.0","v1.14.0","v1.15.0","v1.16.0","v1.17.0","v1.18.0","v1.18.1","v1.18.2","v1.19.0","v1.2.0","v1.20.0","v1.21.0","v1.22.0","v1.22.2","v1.22.3","v1.22.4","v1.22.5","v1.22.6","v1.22.7","v1.22.8","v1.23.0","v1.23.1","v1.23.2","v1.23.3","v1.23.4","v1.23.5","v1.24.0","v1.24.1","v1.24.2","v1.24.3","v1.25.0","v1.25.1","v1.25.2","v1.3.0","v1.4.0","v1.5.0","v1.6.0","v1.7.0","v1.8.0","v1.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-27491.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}]}