Bug 1200401 - (CVE-2022-29224) VUL-0: CVE-2022-29224: envoy-proxy: Segfault in GrpcHealthCheckerImpl
(CVE-2022-29224)
VUL-0: CVE-2022-29224: envoy-proxy: Segfault in GrpcHealthCheckerImpl
Status: NEW
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.3
Other Other
: P3 - Medium : Normal (vote)
: ---
Assigned To: Wolfgang Engel
Security Team bot
https://smash.suse.de/issue/334100/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-06-10 07:05 UTC by Carlos López
Modified: 2022-06-10 07:15 UTC (History)
0 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos López 2022-06-10 07:05:43 UTC
rh#2088738

Envoy is a cloud-native high-performance proxy. Versions of envoy prior to
1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy
can perform various types of upstream health checking. One of them uses gRPC.
Envoy also has a feature which can “hold� (prevent removal) upstream hosts
obtained via service discovery until configured active health checking fails. If
an attacker controls an upstream host and also controls service discovery of
that host (via DNS, the EDS API, etc.), an attacker can crash Envoy by forcing
removal of the host from service discovery, and then failing the gRPC health
check request. This will crash Envoy via a null pointer dereference. Users are
advised to upgrade to resolve this vulnerability. Users unable to upgrade may
disable gRPC health checking and/or replace it with a different health checking
type as a mitigation.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2088738
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29224
https://github.com/envoyproxy/envoy/commit/9b1c3962172a972bc0359398af6daa3790bb59db
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29224
https://github.com/envoyproxy/envoy/security/advisories/GHSA-m4j9-86g3-8f49