CVE-2024-23323
Published 2024-02-09
Priority: P4 (25), medium
CVSS 3.1 base score: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.50% (39.4th percentile)
Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| envoyproxy | envoy | < 1.26.7 | 1.26.7 |
| envoyproxy | envoy | — | — |
| envoyproxy | envoy | — | — |
| envoyproxy | envoy | — | — |
| envoyproxy | envoy | >= 1.26.0 < 1.26.7 | 1.26.7 |
| envoyproxy | envoy | >= 1.27.0 < 1.27.3 | 1.27.3 |
| envoyproxy | envoy | >= 1.28.0 < 1.28.1 | 1.28.1 |
| envoyproxy | envoy | >= 1.29.0 < 1.29.1 | 1.29.1 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| Vendor (Red Hat) | 3.1 | 4.3 | MEDIUM | (not listed) |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch