CVE-2023-27491 MEDIUM

CVE-2023-27491: Envoy forwards invalid Http2/Http3 downstream headers

Vendor Envoyproxy

Product envoy

Weakness CWE-20 · Input validation

Published April 4, 2023

Last update February 11, 2025

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed requests, potentially leading to a bypass of security policies. This issue is fixed in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9.

Key dates

02Disclosure timeline

April 4, 2023 CVE published

February 11, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-27491

Related vulnerabilities

Identifiers

CVE CVE-2023-27491

CWE CWE-20

CVSS 5.4 / MEDIUM

Affected versions

Vendor Envoyproxy

Product envoy

Affected >= 1.25.0, < 1.25.3

Vendor Envoyproxy

Product envoy

Affected >= 1.24.0, < 1.24.4

Vendor Envoyproxy

Product envoy

Affected >= 1.23.0, < 1.23.6

Vendor Envoyproxy

Product envoy

Affected < 1.22.9

CVE-2023-27491: Envoy forwards invalid Http2/Http3 downstream headers

01Description

02Disclosure timeline

03References

04Related CVE