Improper Handling of Exceptional Conditions
CVE-2024-23325
Summary
Envoy is a high-performance edge/middle/service proxy. Envoy crashes in its PROXY protocol listener filter when a client presents an address family that the host OS does not support. Specifically, on a host with IPv6 disabled, a listener with PROXY protocol enabled crashes when it receives a connection whose PROXY header carries the client's IPv6 address. This is legitimate input, not a malformed header: a client may present its IPv6 address to the target server even though the whole chain is connected over IPv4, so any remote peer that can reach the listener can trigger the crash without authentication. This vulnerability affects the github.com/envoyproxy/envoy package, versions through 1.26.6, 1.27.0 through 1.27.2, 1.28.0, and 1.29.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
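The failure described above is a receiver treating a syntactically valid but locally unrepresentable address family as an internal invariant instead of an input error. The following parser is an added example written for this page, not Envoy's code: it decodes a PROXY protocol v2 header according to the HAProxy specification (signature, version/command byte, family/protocol byte, length, address block), probes which IP families the host can actually open sockets for (the `host_address_families` probe and the `supported` parameter are this example's own design, not the project's), and rejects an IPv6 header on an IPv4-only host with a protocol error that the listener can log and close on. The sample headers are constructed inline.

```python
"""PROXY protocol v2 parser that rejects, rather than crashes on, an address
family the host cannot handle. Example code for this advisory, not Envoy's."""
import ipaddress
import socket
import struct
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Fixed 12-byte signature that opens every PROXY protocol v2 header.
PP2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"
PP2_FIXED_LEN = 16  # signature + ver/cmd byte + fam/proto byte + 2-byte length

# Address family and command nibbles from the specification.
AF_UNSPEC, AF_INET, AF_INET6, AF_UNIX = 0x0, 0x1, 0x2, 0x3
CMD_LOCAL, CMD_PROXY = 0x0, 0x1
PROTO_STREAM = 0x1
# Size of the address block each family carries (src, dst, src port, dst port).
ADDR_BLOCK_LEN = {AF_INET: 12, AF_INET6: 36, AF_UNIX: 216}


class ProxyProtocolError(ValueError):
    """Malformed or unsupported header: the listener should close the connection."""


@dataclass
class ProxyInfo:
    family: int
    src: str
    dst: str
    src_port: int
    dst_port: int


def host_address_families() -> FrozenSet[int]:
    """Probe which IP families this host can open sockets for (hypothetical check)."""
    families = {AF_INET}
    if socket.has_ipv6:
        try:
            socket.socket(socket.AF_INET6, socket.SOCK_STREAM).close()
            families.add(AF_INET6)
        except OSError:
            pass  # IPv6 disabled on this host: AF_INET6 sockets cannot be created
    return frozenset(families)


def build_v2_header(family: int, src: str, dst: str, src_port: int, dst_port: int) -> bytes:
    """Encode a TCP PROXY v2 header; used here only to build constructed test input."""
    if family == AF_INET:
        addrs = ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
    elif family == AF_INET6:
        addrs = ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    else:
        raise ValueError("only AF_INET and AF_INET6 headers are built here")
    block = addrs + struct.pack("!HH", src_port, dst_port)
    ver_cmd, fam_proto = 0x20 | CMD_PROXY, (family << 4) | PROTO_STREAM
    return PP2_SIGNATURE + bytes([ver_cmd, fam_proto]) + struct.pack("!H", len(block)) + block


def parse_v2_header(data: bytes, supported: FrozenSet[int]) -> Optional[ProxyInfo]:
    """Parse one header. Returns None for LOCAL/UNSPEC (keep the socket's own
    addresses); raises ProxyProtocolError for anything the receiver cannot honour."""
    if len(data) < PP2_FIXED_LEN or data[:12] != PP2_SIGNATURE:
        raise ProxyProtocolError("missing or truncated PROXY v2 signature")
    ver_cmd, fam_proto, addr_len = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ProxyProtocolError("not a version 2 header")
    if len(data) < PP2_FIXED_LEN + addr_len:
        raise ProxyProtocolError("header shorter than its declared length")
    cmd, family = ver_cmd & 0x0F, fam_proto >> 4
    if cmd == CMD_LOCAL or family == AF_UNSPEC:
        return None
    if cmd != CMD_PROXY or family not in ADDR_BLOCK_LEN:
        raise ProxyProtocolError(f"unknown command {cmd:#x} or family {family:#x}")
    if addr_len < ADDR_BLOCK_LEN[family]:
        raise ProxyProtocolError("address block too short for its family")
    # The check this advisory is about: a valid family that this host cannot
    # represent is untrusted input to reject, not an internal invariant to assert.
    if family not in supported:
        raise ProxyProtocolError(f"address family {family:#x} not supported on this host")
    block = data[PP2_FIXED_LEN:PP2_FIXED_LEN + ADDR_BLOCK_LEN[family]]
    if family == AF_INET:
        src, dst, sp, dp = struct.unpack("!4s4sHH", block)
        return ProxyInfo(family, str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst)), sp, dp)
    if family == AF_INET6:
        src, dst, sp, dp = struct.unpack("!16s16sHH", block)
        return ProxyInfo(family, str(ipaddress.IPv6Address(src)), str(ipaddress.IPv6Address(dst)), sp, dp)
    raise ProxyProtocolError("AF_UNIX addresses are not decoded in this example")


if __name__ == "__main__":
    # Constructed input: a client on an IPv4 path presenting its IPv6 address.
    hdr = build_v2_header(AF_INET6, "2001:db8::1", "2001:db8::2", 40000, 443)
    try:
        print(parse_v2_header(hdr, host_address_families()))
    except ProxyProtocolError as exc:
        print("rejected:", exc)
```

The `supported` set is passed in rather than probed inside the parser so the rejection path can be exercised deterministically on any host; in a real listener the probe result would be computed once at startup and the error would close the connection after logging the peer address.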
CVSS v3 base metrics (vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, base score 7.5):
- Attack Complexity: LOW
- Attack Vector: NETWORK
- Privileges Required: NONE
- Scope: UNCHANGED
- User Interaction: NONE
- Confidentiality: NONE
- Integrity: NONE
- Availability: HIGH
CWE-755 - Improper Handling of Exceptional Conditions
The software does not handle or incorrectly handles an exceptional condition.
References
Advisory Timeline
- Published