Remotely Exploitable Crash in Envoy 1.14.0: HTTP2 Metadata Reachable Assertion Vulnerability

Remotely Exploitable Crash in Envoy 1.14.0: HTTP2 Metadata Reachable Assertion Vulnerability

CVE-2021-29258 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion.

Learn more about our Web Application Penetration Testing UK.