Lucene search
GitHub_MCVELIST:CVE-2024-34364HistoryJun 04, 2024 - 8:59 p.m.
CVE-2024-34364 Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response
2024-06-0420:59:48
CWE-400
GitHub_M
www.cve.org
envoy
http
async client
oom
vector
unbounded buffer
5.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
13.5%
Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer.
CNA Affected
[
{
"vendor": "envoyproxy",
"product": "envoy",
"versions": [
{
"version": ">= 1.30.0, <= 11.30.1",
"status": "affected"
},
{
"version": ">= 1.29.0, <= 1.29.4",
"status": "affected"
},
{
"version": ">= 1.28.0, <= 1.28.3",
"status": "affected"
},
{
"version": "<= 1.27.5",
"status": "affected"
}
]
}
]Related
cve
cve
CVE-2024-34364
2024-06-04 21:15:34
redhatcve
redhatcve
CVE-2024-34364
2024-06-14 02:42:32
vulnrichment
vulnrichment
nvd
nvd
CVE-2024-34364
2024-06-04 21:15:34
osv
osv
BIT-envoy-2024-34364
2024-06-06 07:17:26
veracode
veracode
Denial Of Service (DoS)
2024-06-07 05:23:53
nessus
nessus
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-037)
2024-06-24 00:00:00
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-647)
2024-06-24 00:00:00
5.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
13.5%
Related for CVELIST:CVE-2024-34364