Lucene search
GitHub_MCVELIST:CVE-2024-32976HistoryJun 04, 2024 - 8:59 p.m.
CVE-2024-32976 Envoy can enter an endless loop while decompressing Brotli data with extra input
2024-06-0420:59:59
CWE-835
GitHub_M
www.cve.org
12
cve-2024-32976
envoy
cloud-native
open source
edge
service proxy
brotli
filter
endless loop
decompression
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
17.0%
Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input.
CNA Affected
[
{
"vendor": "envoyproxy",
"product": "envoy",
"versions": [
{
"version": ">= 1.30.0, <= 11.30.1",
"status": "affected"
},
{
"version": ">= 1.29.0, <= 1.29.4",
"status": "affected"
},
{
"version": ">= 1.28.0, <= 1.28.3",
"status": "affected"
},
{
"version": "> 1.18.0, <= 1.27.5",
"status": "affected"
}
]
}
]Related
nvd
nvd
CVE-2024-32976
2024-06-04 21:15:34
osv
osv
BIT-envoy-2024-32976
2024-06-06 07:18:14
cve
cve
CVE-2024-32976
2024-06-04 21:15:34
vulnrichment
vulnrichment
redhatcve
redhatcve
CVE-2024-32976
2024-06-14 02:12:33
veracode
veracode
Infinite Loop
2024-06-07 05:21:43
nessus
nessus
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-037)
2024-06-24 00:00:00
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-647)
2024-06-24 00:00:00
Tenable.ad < 3.59.5 Multiple Vulnerabilities (TNS-2024-11)
2024-07-08 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
17.0%
Related for CVELIST:CVE-2024-32976