CVE-2024-45810Improper Restriction of Operations within the Bounds of a Memory Buffer in Envoy

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer2 documents2 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 91.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Envoyproxy Envoy
Timeline
PublishedSep 20

Description

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during the `sendLocalReply()` in http async client, one reason is http async client is duplicating the status code, another one is the destroy of router is called at the destructor of the async stream, while the stream is deferred deleted at first. The

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDenvoyproxy/envoy1.29.01.29.9+3
CVEListV5envoyproxy/envoy>= 1.29.0, < 1.29.9, >= 1.30.0, < 1.30.6, >= 1.31.0, < 1.31.2+2

📋Vendor Advisories

1
Red Hat
envoy: Envoy crashes for `LocalReply` in HTTP async client2024-09-20