Learn about CVE-2021-28683 affecting Envoy versions up to 1.71.1, leading to remote exploit of a TLS crash. Find mitigation steps and long-term prevention measures.
An issue was discovered in Envoy through 1.71.1 that leads to a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
Understanding CVE-2021-28683
This vulnerability affects Envoy up to version 1.71.1, causing a NULL pointer dereference and crash in TLS under certain conditions.
What is CVE-2021-28683?
CVE-2021-28683 is a security flaw in Envoy that allows a remote attacker to trigger a NULL pointer dereference, crashing the TLS layer when an unknown TLS alert code is received.
The Impact of CVE-2021-28683
The impact of this CVE is significant: a remote attacker can exploit it to cause a denial of service (DoS) by crashing the affected TLS services.
Technical Details of CVE-2021-28683
This section gives more detail on the vulnerability.
Vulnerability Description
The vulnerability in Envoy through 1.71.1 allows for a NULL pointer dereference and subsequent crash in TLS when handling an unknown TLS alert code.
Affected Systems and Versions
All versions of Envoy up to and including 1.71.1 are affected by CVE-2021-28683.
Exploitation Mechanism
Remote attackers can exploit this vulnerability by sending a TLS alert with an unknown alert code to the target system, triggering the NULL pointer dereference and the resulting service crash.
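As an added illustration, not Envoy's or BoringSSL's actual code, the following C sketch shows the bug class described above: an alert-code lookup that returns NULL for codes outside its table, a handler that dereferences that result unconditionally, and a hardened handler that treats an unknown code as a recoverable event instead. The alert table contents and all function names are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed subset of TLS alert descriptions (RFC 8446 values). */
struct alert_desc { int code; const char *name; };
static const struct alert_desc kAlerts[] = {
    {0, "close_notify"}, {10, "unexpected_message"}, {40, "handshake_failure"},
    {42, "bad_certificate"}, {48, "unknown_ca"}, {80, "internal_error"},
};

/* Returns the description for a known code, NULL for anything else. */
static const char *lookup_alert(int code) {
    for (size_t i = 0; i < sizeof(kAlerts) / sizeof(kAlerts[0]); i++)
        if (kAlerts[i].code == code) return kAlerts[i].name;
    return NULL;
}

/* Vulnerable pattern: assumes the lookup always succeeds, so a peer that
 * sends a code outside the table makes strlen() dereference NULL. */
size_t vulnerable_alert_name_len(int code) {
    return strlen(lookup_alert(code));
}

/* Hardened helper: never returns NULL, unknown codes get a fixed label. */
const char *describe_alert_safe(int code) {
    const char *name = lookup_alert(code);
    return name ? name : "unknown_alert";
}

/* Hardened handler: logs the alert and reports whether the code was known.
 * An unknown code is a logged, non-fatal event, not a crash. */
int handle_alert_hardened(int code) {
    const char *name = lookup_alert(code);
    if (name == NULL) {
        fprintf(stderr, "tls: received unknown alert code %d, ignoring\n", code);
        return 0;
    }
    fprintf(stderr, "tls: received alert %s (%d)\n", name, code);
    return 1;
}

int main(void) {
    handle_alert_hardened(40);   /* known: handshake_failure */
    handle_alert_hardened(255);  /* unknown: logged, no dereference */
    return 0;
}
```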
Mitigation and Prevention
To prevent exploitation of this vulnerability, follow the steps below.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Stay informed about security advisories from the Envoy project and promptly apply any patches or updates released by the vendor to stay protected against this and future vulnerabilities.