Lucene search
HistoryJun 04, 2024 - 9:15 p.m.
CVE-2024-32976
cve-2024-32976
nvd
vulnerability
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.2 High
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.1%
Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input.
Affected configurations
Node
envoyproxyenvoyRange1.30.0–11.30.1
ORenvoyproxyenvoyRange1.29.0–1.29.4
ORenvoyproxyenvoyRange1.28.0–1.28.3
ORenvoyproxyenvoyRange1.18.0–1.27.5
CNA Affected
[
{
"vendor": "envoyproxy",
"product": "envoy",
"versions": [
{
"version": ">= 1.30.0, <= 11.30.1",
"status": "affected"
},
{
"version": ">= 1.29.0, <= 1.29.4",
"status": "affected"
},
{
"version": ">= 1.28.0, <= 1.28.3",
"status": "affected"
},
{
"version": "> 1.18.0, <= 1.27.5",
"status": "affected"
}
]
}
]Related
osv
osv
BIT-envoy-2024-32976
2024-06-06 07:18:14
redhatcve
redhatcve
CVE-2024-32976
2024-06-14 02:12:33
nvd
nvd
CVE-2024-32976
2024-06-04 21:15:34
cvelist
cvelist
veracode
veracode
Infinite Loop
2024-06-07 05:21:43
nessus
nessus
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-037)
2024-06-24 00:00:00
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-647)
2024-06-24 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.2 High
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.1%
Related for CVE-2024-32976