Envoy Proxy Use After Free Vulnerability - CVE-2023-35943
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0 1.26.4 1.25.9 1.24.10 and 1.23.12 the CORS filter will segfault and crash Envoy when the origin header is removed and deleted between decodeHeadersand encodeHeaders. Versions 1.27.0 1.26.4 1.25.9 1.24.10 and 1.23.12 have a fix for this issue. As a workaround do not remove the origin header in the Envoy configuration.