Vulnerability Description
Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Name or uniformResourceIndicator to be authenticated as a domain name. This confusion allows for the bypassing of nameConstraints, as processed by the underlying OpenSSL/BoringSSL implementation, exposing the possibility of impersonation of arbitrary servers. As a result Envoy will trust upstream certificates that should not be trusted.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Envoyproxy | Envoy | < 1.20.2 |
Related Weaknesses (CWE)
References
- https://github.com/envoyproxy/envoy/commit/bb95af848c939cfe5b5ee33c5b1770558077ePatchThird Party Advisory
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-c9g7-xwcv-pjx2Issue TrackingThird Party Advisory
- https://github.com/envoyproxy/envoy/commit/bb95af848c939cfe5b5ee33c5b1770558077ePatchThird Party Advisory
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-c9g7-xwcv-pjx2Issue TrackingThird Party Advisory
FAQ
What is CVE-2022-21656?
CVE-2022-21656 is a vulnerability with a CVSS score of 7.4 (HIGH). Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "typ...
How severe is CVE-2022-21656?
CVE-2022-21656 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-21656?
Check the references section above for vendor advisories and patch information. Affected products include: Envoyproxy Envoy.