2025-12-03 18:31:50
GitHub_M
PUBLISHED
Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte (0) inside an OTHERNAME SAN value as valid matches.