CVE-2024-45809Improper Restriction of Operations within the Bounds of a Memory Buffer in Envoy

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-476NULL Pointer Dereference2 documents2 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 67.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Envoyproxy Envoy
Timeline
PublishedSep 20

Description

Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clear_route_cache is enabled on the provider; 3. header operations are enabled in JWT filter, e.g. header to claims feature; 4. the routing table is configured in a way that the JWT header operations modify requests to not match any route. When these conditions

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDenvoyproxy/envoy1.29.01.29.9+2
CVEListV5envoyproxy/envoy>= 1.29.0, < 1.29.9, >= 1.30.0, < 1.30.6, >= 1.31.0, < 1.31.2+2

📋Vendor Advisories

1
Red Hat
envoy: JWT filter crash in the clear route cache with remote JWKs2024-09-20