The Backend Engineering Show with Hussein Nasser

Envoy Proxy Fixes Two Zero Day vulnerabilities (UDP Proxy, TCP Proxy)



Envoy Proxy fixed two zero-day vulnerabilities. From the Envoy groups announcement:

We are announcing the fixes for two zero days that were identified today:

  1. Crash in UDP proxy when datagram size is > 1500. This can happen if either MTU > 1500 or if fragmented datagrams are forwarded and reassembled: https://github.com/envoyproxy/envoy/pull/14122. This issue was already under embargo and a new issue was opened in public GitHub.
  2. Proxy proto downstream address not restored correctly for non-HTTP connections: https://github.com/envoyproxy/envoy/pull/14131. This issue was opened publicly recently but the security implications were not clear at the time. This will affect logging and network level RBAC for non-HTTP network connections.
Resources

https://groups.google.com/g/envoy-security-announce/c/aqtBt5VUor0

0:00

0:20 UDP Proxy Crash

2:15 Incorrect Downstream Remote Address


By Hussein Nasser
