{"id":"CVE-2022-21655","summary":"Incorrect handling of internal redirects results in crash in Envoy","details":"Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy common router will segfault if an internal redirect selects a route configured with direct response or redirect actions. This will result in a denial of service. As a workaround turn off internal redirects if direct response entries are configured on the same listener.","aliases":["BIT-envoy-2022-21655","GHSA-7r5p-7fmh-jxpg"],"modified":"2026-04-21T11:01:00.391138Z","published":"2022-02-22T22:40:11Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21655.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-670"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21655.json"},{"type":"ADVISORY","url":"https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21655"},{"type":"FIX","url":"https://github.com/envoyproxy/envoy/commit/177d608155ba8b11598b9bbf8240e90d8c350682"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/envoyproxy/envoy","events":[{"introduced":"0"},{"fixed":"a79ca225f1ed924b855dff8a26bd7f7cdb84e694"},{"introduced":"68fe53a889416fd8570506232052b06f5a531541"},{"fixed":"a17cdcdfad24de101e95716b77549ba689824f25"},{"introduced":"96701cb24611b0f3aac1cc0dd8bf8589fbdf8e9e"},{"fixed":"4aaf9593152c6996b9da384c8918e9ad4f0abd4d"},{"introduced":"a9d72603c68da3a10a1c0d021d01c7877e6f2a30"},{"fixed":"af50070ee60866874b0a9383daf9364e884ded22"},{"fixed":"177d608155ba8b11598b9bbf8240e90d8c350682"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"1.18.6"},{"introduced":"1.19.0"},{"fixed":"1.19.3"},{"introduced":"1.20.0"},{"fixed":"1.20.2"},{"introduced":"1.21.0"},{"fixed":"1.21.1"}]}}],"versions":["v1.0.0","v1.1.0","v1.10.0","v1.11.0","v1.12.0","v1.13.0","v1.14.0","v1.15.0","v1.16.0","v1.17.0","v1.18.0","v1.18.1","v1.18.2","v1.18.3","v1.18.4","v1.19.0","v1.19.1","v1.2.0","v1.20.0","v1.20.1","v1.21.0","v1.3.0","v1.4.0","v1.5.0","v1.6.0","v1.7.0","v1.8.0","v1.9.0"],"database_specific":{"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["245673340480709380475607110780385137708","285494569074532567258474565032572094364","121492910522987967398570563042373873103","208903825150298770882316003860954195851"]},"target":{"file":"source/common/tcp_proxy/tcp_proxy.h"},"source":"https://github.com/envoyproxy/envoy/commit/af50070ee60866874b0a9383daf9364e884ded22","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-097fed22"},{"digest":{"length":711,"function_hash":"63191530169222520921233896458439701262"},"target":{"function":"Filter::onUpstreamEvent","file":"source/common/tcp_proxy/tcp_proxy.cc"},"source":"https://github.com/envoyproxy/envoy/commit/a79ca225f1ed924b855dff8a26bd7f7cdb84e694","signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-0e4fc27e"},{"digest":{"threshold":0.9,"line_hashes":["146243477446113422387021212725253250778","38867459780981627133568037950540228786","247042036583305394760031334831783811398","325013980647195303750429821852338176203","190222441294940987692714025372522320194","233481120278761949454860284316900076892","33182693539138785849824461743826464632","238411867963402661331142337279192022640"]},"target":{"file":"source/common/tcp_proxy/tcp_proxy.cc"},"source":"https://github.com/envoyproxy/envoy/commit/a17cdcdfad24de101e95716b77549ba689824f25","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-25d456d2"},{"digest":{"length":648,"function_hash":"243442652017391788382200176589855195754"},"target":{"function":"Filter::onDownstreamEvent","file":"source/common/tcp_proxy/tcp_proxy.cc"},"source":"https://github.com/envoyproxy/envoy/commit/a79ca225f1ed924b855dff8a26bd7f7cdb84e694","signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-3fe0ae84"},{"digest":{"threshold":0.9,"line_hashes":["48555961344162091530114484247512887348","262502622330308196055685632396206527810","44051101608002913249948422506083140770"]},"target":{"file":"test/integration/tcp_tunneling_integration_test.cc"},"source":"https://github.com/envoyproxy/envoy/commit/a79ca225f1ed924b855dff8a26bd7f7cdb84e694","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-49af67d3"},{"digest":{"threshold":0.9,"line_hashes":["48555961344162091530114484247512887348","262502622330308196055685632396206527810","44051101608002913249948422506083140770"]},"target":{"file":"test/integration/tcp_tunneling_integration_test.cc"},"source":"https://github.com/envoyproxy/envoy/commit/a17cdcdfad24de101e95716b77549ba689824f25","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-4f2f527a"},{"digest":{"threshold":0.9,"line_hashes":["45613686312260950737135134397166501895","338012678256540863622513543718220637660","7297119870967052546801797240626099631","247180086031201035208666501485772799098","16728396912437668605071045083632776137","257510503091431167213661603821868589860"]},"target":{"file":"test/integration/redirect_integration_test.cc"},"source":"https://github.com/envoyproxy/envoy/commit/177d608155ba8b11598b9bbf8240e90d8c350682","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-549f24e6"},{"digest":{"threshold":0.9,"line_hashes":["87311143578717653510788067098801078367","106254966134682117463031527144421159638","51186563937887498140384774266930804183","15555755050758794610604771129627183365"]},"target":{"file":"source/common/router/router.cc"},"source":"https://github.com/envoyproxy/envoy/commit/177d608155ba8b11598b9bbf8240e90d8c350682","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-5d11234f"},{"digest":{"length":338,"function_hash":"43013079311173114698727080572662162328"},"target":{"function":"ConnPoolImplBase::checkForIdleAndCloseIdleConnsIfDraining","file":"source/common/conn_pool/conn_pool_base.cc"},"source":"https://github.com/envoyproxy/envoy/commit/4aaf9593152c6996b9da384c8918e9ad4f0abd4d","signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-750e7fbb"},{"digest":{"threshold":0.9,"line_hashes":["238363169343804913942300291017684487943","281075802092293195505541183629950851527","190309091056183134939303314630437286332","1336839216182560585869212455485126136","91854374677920975889051724337189261314","176073550574850004587196271703191506168","54303611712421497849276770032572170236","89596254872871249889385232134194772639","232868586170569298338666905475474416875","68418232771506422252069681807775341343"]},"target":{"file":"source/common/conn_pool/conn_pool_base.h"},"source":"https://github.com/envoyproxy/envoy/commit/4aaf9593152c6996b9da384c8918e9ad4f0abd4d","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-75516c6f"},{"digest":{"length":4277,"function_hash":"198489193659595086675055778070351761952"},"target":{"function":"Filter::convertRequestHeadersForInternalRedirect","file":"source/common/router/router.cc"},"source":"https://github.com/envoyproxy/envoy/commit/177d608155ba8b11598b9bbf8240e90d8c350682","signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-84b95675"},{"digest":{"length":711,"function_hash":"63191530169222520921233896458439701262"},"target":{"function":"Filter::onUpstreamEvent","file":"source/common/tcp_proxy/tcp_proxy.cc"},"source":"https://github.com/envoyproxy/envoy/commit/a17cdcdfad24de101e95716b77549ba689824f25","signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-8a3c3605"},{"digest":{"threshold":0.9,"line_hashes":["222375982320279527150068471158201686244","165738277750233846199418982723160704713","44051101608002913249948422506083140770"]},"target":{"file":"test/integration/tcp_tunneling_integration_test.cc"},"source":"https://github.com/envoyproxy/envoy/commit/af50070ee60866874b0a9383daf9364e884ded22","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-9c39651a"},{"digest":{"length":834,"function_hash":"296475283064599592077979295437376310111"},"target":{"function":"TEST_F","file":"test/common/router/router_test.cc"},"source":"https://github.com/envoyproxy/envoy/commit/177d608155ba8b11598b9bbf8240e90d8c350682","signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-a15aba40"},{"digest":{"length":808,"function_hash":"296559161755360112084384558440136934044"},"target":{"function":"Filter::onDownstreamEvent","file":"source/common/tcp_proxy/tcp_proxy.cc"},"source":"https://github.com/envoyproxy/envoy/commit/af50070ee60866874b0a9383daf9364e884ded22","signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-a6789e61"},{"digest":{"threshold":0.9,"line_hashes":["323816514832605512014496329274374014407","142503796014471976721708769148618708246","135561417515728789771702908654211480617","306311858572727420720059895425699440660","205854072539782977339646507079192835813","330472346353953558480045024477514582776","108173650909399098270720315768528040992","45958340256836379623386342299652267147","136487268165856858246740416567177500360","196901268602147502298788340602389524042","309751168451733275246026066747852478720","127056712913009264952903899559054796627","319416632197267345638730223097511593090","322070492136369161073684045615529408064","21972297930645091629499479707472311098","218906627829406050603466893389574343784"]},"target":{"file":"test/common/router/router_test.cc"},"source":"https://github.com/envoyproxy/envoy/commit/177d608155ba8b11598b9bbf8240e90d8c350682","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-aac4acae"},{"digest":{"length":648,"function_hash":"243442652017391788382200176589855195754"},"target":{"function":"Filter::onDownstreamEvent","file":"source/common/tcp_proxy/tcp_proxy.cc"},"source":"https://github.com/envoyproxy/envoy/commit/a17cdcdfad24de101e95716b77549ba689824f25","signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-abeb66c1"},{"digest":{"threshold":0.9,"line_hashes":["97652407307682118633090827808836069896","202222073443799289957911450767890213833","115564202354952612799820744008677299818","100865938374520508671052066897428637482","266358857140130331037141171435995735386","241277250285489246241581928533925069698","112864798336767260895615422020255373801","326344252156913283305823248376635974319","149501076714298581724217944116072240117","20851967513280832025446682514306651511","101660301215173511645125806388931558046","161983258376373368998625288716073445864","125013157627477663648794220335175813129","114297756736507093046297363714182913184","326342629182717535494243166437244508087","129503348076797258550455082149053172774","6063454819406071701935832397149074681","25450544109902264946434894665349483615","14209541420216802153449926603071335280","28083104488430351869423149520385632380","27329837804645812211356628610675816305"]},"target":{"file":"test/integration/cds_integration_test.cc"},"source":"https://github.com/envoyproxy/envoy/commit/4aaf9593152c6996b9da384c8918e9ad4f0abd4d","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-bf50e605"},{"digest":{"threshold":0.9,"line_hashes":["245673340480709380475607110780385137708","285494569074532567258474565032572094364","189982742750395040949615227195286815818","260972069293896305361331050164952443697"]},"target":{"file":"source/common/tcp_proxy/tcp_proxy.h"},"source":"https://github.com/envoyproxy/envoy/commit/a17cdcdfad24de101e95716b77549ba689824f25","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-c143ebbc"},{"digest":{"threshold":0.9,"line_hashes":["146243477446113422387021212725253250778","38867459780981627133568037950540228786","247042036583305394760031334831783811398","325013980647195303750429821852338176203","190222441294940987692714025372522320194","233481120278761949454860284316900076892","33182693539138785849824461743826464632","238411867963402661331142337279192022640"]},"target":{"file":"source/common/tcp_proxy/tcp_proxy.cc"},"source":"https://github.com/envoyproxy/envoy/commit/a79ca225f1ed924b855dff8a26bd7f7cdb84e694","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-c4824ee2"},{"digest":{"threshold":0.9,"line_hashes":["150676539833679190158940891882333303963","27409818851555323095073296906901027733","55324179392422643085196396072729602785"]},"target":{"file":"test/config/utility.h"},"source":"https://github.com/envoyproxy/envoy/commit/4aaf9593152c6996b9da384c8918e9ad4f0abd4d","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-ce5c4e8e"},{"digest":{"threshold":0.9,"line_hashes":["26722413740939448104101388019871754100","285494569074532567258474565032572094364","189982742750395040949615227195286815818","260972069293896305361331050164952443697"]},"target":{"file":"source/common/tcp_proxy/tcp_proxy.h"},"source":"https://github.com/envoyproxy/envoy/commit/a79ca225f1ed924b855dff8a26bd7f7cdb84e694","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-cf3745ce"},{"digest":{"threshold":0.9,"line_hashes":["146243477446113422387021212725253250778","48539946143607539866181123457421037495","283468910120726656487263215273247794220","32816829629574534818331468211218975208","167487698232686579647343259536732486616","18932793910309592312745692489877318569","190222441294940987692714025372522320194","233481120278761949454860284316900076892","33182693539138785849824461743826464632","238411867963402661331142337279192022640"]},"target":{"file":"source/common/tcp_proxy/tcp_proxy.cc"},"source":"https://github.com/envoyproxy/envoy/commit/af50070ee60866874b0a9383daf9364e884ded22","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-d54b575d"},{"digest":{"length":528,"function_hash":"83990222759686494038875668905777786185"},"target":{"function":"ConnPoolImplBase::closeIdleConnectionsForDrainingPool","file":"source/common/conn_pool/conn_pool_base.cc"},"source":"https://github.com/envoyproxy/envoy/commit/4aaf9593152c6996b9da384c8918e9ad4f0abd4d","signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-dc8d3820"},{"digest":{"length":1476,"function_hash":"323670669501918354800705375702988531651"},"target":{"function":"TEST_F","file":"test/common/router/router_test.cc"},"source":"https://github.com/envoyproxy/envoy/commit/177d608155ba8b11598b9bbf8240e90d8c350682","signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-e57f4ae5"},{"digest":{"length":711,"function_hash":"63191530169222520921233896458439701262"},"target":{"function":"Filter::onUpstreamEvent","file":"source/common/tcp_proxy/tcp_proxy.cc"},"source":"https://github.com/envoyproxy/envoy/commit/af50070ee60866874b0a9383daf9364e884ded22","signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-efb2c5e4"},{"digest":{"threshold":0.9,"line_hashes":["211063805449318930197667500157467379330","238149429280769817104751274898789662521","155508904057016497276277837828561242331","306263256694188145409853147140795887683","24621026682503930056724633583760538450","210759516705868193041331552012792706907","268100365964683135363265243678321089408","116993638250131326183953285211810091083","57246520075670457973995740670893215413","194433285147185661463287816608904302305","245699478661219870215728951569204544048","286440446911758131586479113237388457926","33382072507043576477734303938545662581","298229981597606534667320296045042459684","173090808602105440099610064642968627733","210942585548006467924962946211585504886","193341038770066763728097793037333651465","340006873902019806079016649741212930377","286206063645562425499514746822691310145","291017590637862723045538078816014658015"]},"target":{"file":"source/common/conn_pool/conn_pool_base.cc"},"source":"https://github.com/envoyproxy/envoy/commit/4aaf9593152c6996b9da384c8918e9ad4f0abd4d","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2022-21655-f0c98cd4"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-21655.json","vanir_signatures_modified":"2026-04-21T11:01:00Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}