{"id":"CVE-2021-43826","details":"Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling \u003cenvoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config\u003e` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade.","aliases":["BIT-envoy-2021-43826","GHSA-cmx3-fvgf-83mf"],"modified":"2026-05-19T04:02:42.278761447Z","published":"2022-02-22T23:15:10.957Z","database_specific":{},"references":[{"type":"REPORT","url":"https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf"},{"type":"FIX","url":"https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/envoyproxy/envoy","events":[{"introduced":"0"},{"fixed":"a79ca225f1ed924b855dff8a26bd7f7cdb84e694"},{"introduced":"68fe53a889416fd8570506232052b06f5a531541"},{"fixed":"a17cdcdfad24de101e95716b77549ba689824f25"},{"introduced":"96701cb24611b0f3aac1cc0dd8bf8589fbdf8e9e"},{"fixed":"4aaf9593152c6996b9da384c8918e9ad4f0abd4d"},{"introduced":"a9d72603c68da3a10a1c0d021d01c7877e6f2a30"},{"fixed":"af50070ee60866874b0a9383daf9364e884ded22"},{"fixed":"ce0ae309057a216aba031aff81c445c90c6ef145"}],"database_specific":{"cpe":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"1.18.6"},{"introduced":"1.19.0"},{"fixed":"1.19.3"},{"introduced":"1.20.0"},{"fixed":"1.20.2"},{"introduced":"1.21.0"},{"fixed":"1.21.1"}],"source":["CPE_FIELD","REFERENCES"]}}],"versions":["v1.21.0","v1.20.1","v1.20.0","v1.18.4","v1.19.1","v1.19.0","v1.18.3","v1.18.2","v1.18.1","v1.18.0","v1.17.0","v1.16.0","v1.15.0","v1.14.0","v1.13.0","v1.12.0","v1.11.0","v1.10.0","v1.9.0","v1.8.0","v1.7.0","v1.6.0","v1.5.0","v1.4.0","v1.3.0","v1.2.0","v1.1.0","v1.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-43826.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}