{
  "threat_severity" : "Important",
  "public_date" : "2022-06-09T14:00:00Z",
  "bugzilla" : {
    "description" : "envoy: oauth filter calls continueDecoding() from within decodeHeaders()",
    "id" : "2088740",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2088740"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-617",
  "details" : [ "Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecoding() shouldn’t ever be called from filters after a local reply has been sent. Users are advised to upgrade. There are no known workarounds for this issue.", "A flaw was found in Envoy. The OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions." ],
  "acknowledgement" : "Red Hat would like to thank the Envoy security team for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "OpenShift Service Mesh 2.1",
    "release_date" : "2022-06-13T00:00:00Z",
    "advisory" : "RHSA-2022:5004",
    "cpe" : "cpe:/a:redhat:service_mesh:2.1::el8",
    "package" : "servicemesh-proxy-0:2.1.3-1.el8"
  } ],
  "package_state" : [ {
    "product_name" : "OpenShift Service Mesh 2.0",
    "fix_state" : "Affected",
    "package_name" : "servicemesh-proxy",
    "cpe" : "cpe:/a:redhat:service_mesh:2.0"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-29228\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-29228\nhttps://github.com/envoyproxy/envoy/security/advisories/GHSA-rww6-8h7g-8jf6" ],
  "name" : "CVE-2022-29228",
  "csaw" : false
}