CVE-2022-29228

CVE Details

Release Date:2022-06-09

Description


Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecoding() shouldn't ever be called from filters after a local reply has been sent. Users are advised to upgrade. There are no known workarounds for this issue.

See more information about CVE-2022-29228 from MITRE CVE dictionary and NIST NVD


CVSS v3.0 metrics


NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.

Base Score: 7.5 Base Metrics: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Vector: Network Attack Complexity: Low
Privileges Required: None User Interaction: None
Scope: Unchanged Confidentiality Impact: None
Integrity Impact: None Availability Impact: High

Errata information


PlatformErrataRelease Date
Oracle Linux version 7 (cri-o)ELSA-2022-95892022-07-12
Oracle Linux version 7 (cri-tools)ELSA-2022-95892022-07-12
Oracle Linux version 7 (etcd)ELSA-2022-95892022-07-12
Oracle Linux version 7 (istio)ELSA-2022-95872022-07-11
Oracle Linux version 7 (istio)ELSA-2022-95892022-07-12
Oracle Linux version 7 (kata)ELSA-2022-95892022-07-12
Oracle Linux version 7 (kubernetes)ELSA-2022-95892022-07-12
Oracle Linux version 7 (olcne)ELSA-2022-95872022-07-11
Oracle Linux version 7 (olcne)ELSA-2022-95892022-07-12
Oracle Linux version 8 (cri-o)ELSA-2022-95882022-07-12
Oracle Linux version 8 (cri-tools)ELSA-2022-95882022-07-12
Oracle Linux version 8 (etcd)ELSA-2022-95882022-07-12
Oracle Linux version 8 (istio)ELSA-2022-95862022-07-11
Oracle Linux version 8 (istio)ELSA-2022-95882022-07-12
Oracle Linux version 8 (kata)ELSA-2022-95882022-07-12
Oracle Linux version 8 (kubernetes)ELSA-2022-95882022-07-12
Oracle Linux version 8 (olcne)ELSA-2022-95862022-07-11
Oracle Linux version 8 (olcne)ELSA-2022-95882022-07-12



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete