CVE-2022-29228
Reachable assertion in Envoy
In short
Envoy's OAuth filter incorrectly processes remaining filters after sending a response, causing crashes or memory corruption. This happens because the filter continues execution when it shouldn't, breaking the expected response flow.
Technical detail
The OAuth filter in Envoy invokes continueDecoding() after emitting a local response, violating the filter chain protocol: once a local reply has been sent, a filter must not resume the remaining filters in the chain. This triggers an assertion failure in newer versions and leads to memory corruption in earlier versions. The vulnerability affects the proxy's request handling logic when OAuth authentication completes.
Summary generated and translated by AI from the official description.
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecoding() shouldn’t ever be called from filters after a local reply has been sent. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
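An added example, not part of the advisory or of Envoy's own code: a Python check that marks a deployment as exposed when the reported Envoy version is earlier than 1.22.1 and the configuration contains the OAuth2 HTTP filter. The version string and JSON bootstrap are constructed samples; the filter name envoy.filters.http.oauth2 and its v3 type URL are Envoy's identifiers and do not appear on this page.

```python
import json
import re

FIXED = (1, 22, 1)  # first fixed release named in the advisory text above
OAUTH2_NAME = "envoy.filters.http.oauth2"  # Envoy's well-known filter name
OAUTH2_TYPE = "envoy.extensions.filters.http.oauth2.v3.OAuth2"

def parse_version(version_output):
    """Return (major, minor, patch) from `envoy --version` style output."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_output)
    if not m:
        raise ValueError("no x.y.z version found")
    return tuple(int(part) for part in m.groups())

def oauth2_filters(node, path="$"):
    """Yield the JSON path of every filter entry that is the OAuth2 filter."""
    if isinstance(node, dict):
        typed = node.get("typed_config")
        type_url = typed.get("@type", "") if isinstance(typed, dict) else ""
        if node.get("name") == OAUTH2_NAME or type_url.endswith("/" + OAUTH2_TYPE):
            yield path
        for key, value in node.items():
            yield from oauth2_filters(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from oauth2_filters(item, f"{path}[{index}]")

def assess(version_output, config):
    """Exposed = version earlier than the fix AND the OAuth2 filter is configured."""
    version = parse_version(version_output)
    hits = list(oauth2_filters(config))
    return {"version": version, "oauth2_filters": hits,
            "exposed": version < FIXED and bool(hits)}

# Constructed sample inputs (not from a real deployment).
SAMPLE_VERSION = "envoy  version: 0000000000000000000000000000000000000000/1.22.0/Clean/RELEASE/BoringSSL"
SAMPLE_CONFIG = json.loads("""
{"static_resources": {"listeners": [{"filter_chains": [{"filters": [{
  "name": "envoy.filters.network.http_connection_manager",
  "typed_config": {"http_filters": [
    {"name": "envoy.filters.http.oauth2", "typed_config": {
      "@type": "type.googleapis.com/envoy.extensions.filters.http.oauth2.v3.OAuth2"}},
    {"name": "envoy.filters.http.router"}]}}]}]}]}}
""")

if __name__ == "__main__":
    print(json.dumps(assess(SAMPLE_VERSION, SAMPLE_CONFIG), indent=2))
```

The same walk works on a JSON config dump from a running proxy, since it matches the filter by name or type URL at any depth.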
Affected products
envoyproxy · envoy