Lucene search

CVE-2024-34364 Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response

🗓️ 04 Jun 2024 20:48:59Reported by GitHub_MType

Envoy HTTP async client OOM vector

Reporter	Title	Published	Views	Family All 10
Vulnrichment	CVE-2024-34364 Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response	4 Jun 202420:59	–	vulnrichment
RedhatCVE	CVE-2024-34364	14 Jun 202402:42	–	redhatcve
OSV	BIT-ENVOY-2024-34364	6 Jun 202407:17	–	osv
OSV	CVE-2024-34364	4 Jun 202421:15	–	osv
NVD	CVE-2024-34364	4 Jun 202421:15	–	nvd
CVE	CVE-2024-34364	4 Jun 202421:15	–	cve
Veracode	Denial Of Service (DoS)	7 Jun 202405:23	–	veracode
Tenable Nessus	Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-037)	24 Jun 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-647)	24 Jun 202400:00	–	nessus
Tenable Nessus	Tenable.ad < 3.59.5 Multiple Vulnerabilities (TNS-2024-11)	8 Jul 202400:00	–	nessus

[
  {
    "vendor": "envoyproxy",
    "product": "envoy",
    "versions": [
      {
        "version": ">= 1.30.0, <= 11.30.1",
        "status": "affected"
      },
      {
        "version": ">= 1.29.0, <= 1.29.4",
        "status": "affected"
      },
      {
        "version": ">= 1.28.0, <= 1.28.3",
        "status": "affected"
      },
      {
        "version": "<= 1.27.5",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

04 Jun 2024 20:59Current

5.7Medium risk

Vulners AI Score5.7

CVSS35.7

EPSS0.00044

CWE-400