Envoy Proxy Fixes Two Zero Day vulnerabilities (UDP Proxy, TCP Proxy)

From The Backend Engineering Show with Hussein Nasser



Length: 8 minutes
Released: Nov 22, 2020
Format: Podcast episode

Description

The Envoy Proxy fixed two zero-day vulnerabilities. From the Envoy groups announcement:
We are announcing the fixes for two zero days that were identified today:

Crash in UDP proxy when datagram size is > 1500. This can happen if either MTU > 1500 or if fragmented datagrams are forwarded and reassembled: https://github.com/envoyproxy/envoy/pull/14122. This issue was already under embargo and a new issue was opened in public GitHub.
Proxy proto downstream address not restored correctly for non-HTTP connections: https://github.com/envoyproxy/envoy/pull/14131. This issue was opened publicly recently but the security implications were not clear at the time. This will affect logging and network level RBAC for non-HTTP network connections.

Resources
https://groups.google.com/g/envoy-security-announce/c/aqtBt5VUor0
0:00
0:20 UDP Proxy Crash
2:15 Incorrect Downstream Remote Address

Welcome to the Backend Engineering Show podcast with your host Hussein Nasser. If you like software engineering, you’ve come to the right place. I discuss all sorts of software engineering technologies and news with specific focus on the backend. All opinions are my own. Most of my content in the podcast is an audio version of videos I post on my YouTube channel here: http://www.youtube.com/c/HusseinNasser-software-engineering Buy me a coffee: https://www.buymeacoffee.com/hnasr Courses I teach: https://husseinnasser.com/courses