Incorrect Check of Function Return Value
CVE-2024-32475
Summary
Envoy, a cloud-native open-source edge and service proxy, contains a vulnerability when an upstream TLS cluster is used with "auto_sni" enabled. If a request includes a "host"/":authority" header longer than 255 characters, it triggers an abnormal termination of the Envoy process. This occurs because Envoy does not gracefully handle errors when setting SNI for outbound TLS connections. The error arises when Envoy attempts to use the "host"/":authority" header value exceeding 255 characters as SNI, violating the standard's length limitation. Envoy abnormally aborts the process due to the assumption that this operation will always succeed. The vulnerability affects Envoyproxy versions 1.13.x prior to 1.27.5, 1.28.x prior to 1.28.3, 1.29.x prior to 1.29.4, and 1.30.x prior to 1.30.1.
CVSS v3 base metrics
- Attack Complexity: LOW
- Attack Vector: NETWORK
- Privileges Required: NONE
- Scope: UNCHANGED
- User Interaction: NONE
- Confidentiality: NONE
- Integrity: NONE
- Availability: HIGH
CWE-253 - Incorrect Check of Function Return Value
The software incorrectly checks a return value from a function, which prevents the software from detecting errors or exceptional conditions.
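The failure pattern behind this CVE (the Summary above) and the CWE it is classified under, as an added C++ example that is not Envoy's code: a hypothetical SNI setter reports an oversized host name only through its return value, and the caller must check that value instead of asserting on it. The 255-byte limit is the one named in the advisory; the function names and the outcome enum are this example's own.

```cpp
#include <cstddef>
#include <string>

// Limit named in the advisory: host names longer than this cannot be used as SNI.
constexpr std::size_t kMaxSniLength = 255;

struct TlsHandshake {
  std::string sni;  // server name that would be sent in the ClientHello
};

// Hypothetical stand-in for the TLS library's SNI setter (not BoringSSL's API).
// Like the real call, it signals failure solely through its return value.
bool setSni(TlsHandshake& hs, const std::string& host) {
  if (host.empty() || host.size() > kMaxSniLength) {
    return false;  // nothing is thrown; the caller has to look at this result
  }
  hs.sni = host;
  return true;
}

enum class SniOutcome { kSet, kSkipped, kRejected };

// Vulnerable shape (shown as a comment, not compiled): a release-mode assertion
// on the result turns a 256-byte ":authority" header into a process abort.
//   RELEASE-style assertion: abort_if_false(setSni(hs, authority));

// Hardened shape: the return value is inspected and a failure becomes a
// per-request outcome the caller can surface to the client, never an abort.
SniOutcome applyAutoSni(TlsHandshake& hs, const std::string& authority) {
  if (authority.empty()) {
    return SniOutcome::kSkipped;  // no host to use; connect without SNI
  }
  if (!setSni(hs, authority)) {
    hs.sni.clear();
    return SniOutcome::kRejected;  // oversized host: fail this request only
  }
  return SniOutcome::kSet;
}

// Ingress guard an operator can apply before routing: refuse ":authority"
// values that could never be a valid SNI, so the upstream TLS path is never
// asked to set one (defence in depth, not a substitute for the check above).
bool authorityFitsSni(const std::string& authority) {
  return !authority.empty() && authority.size() <= kMaxSniLength;
}
```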