CVE-2024-39305 — Use After Free in Envoy

CWE-416 — Use After Free1 documents1 sources

Severity

9.1CRITICALNVD

EPSS

0.0%

top 85.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Envoyproxy Envoy

Timeline

PublishedJul 1

Description

Envoy is a cloud-native, open source edge and service proxy. Prior to versions 1.30.4, 1.29.7, 1.28.5, and 1.27.7. Envoy references already freed memory when route hash policy is configured with cookie attributes. Note that this vulnerability has been fixed in the open as the effect would be immediately apparent if it was configured. Memory allocated for holding attribute values is freed after configuration was parsed. During request processing Envoy will attempt to copy content of de-allocated …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5envoyproxy/envoy< 1.27.7+3

▶NVDenvoyproxy/envoy4 versions+3

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗