Lucene search

[email protected]NVD:CVE-2024-32974

HistoryJun 04, 2024 - 9:15 p.m.

CVE-2024-32974

2024-06-0421:15:33

CWE-416

[email protected]

web.nvd.nist.gov

envoy

open source

edge

service proxy

use-after-free

envoyquicserverstream

oninitialheaderscomplete

crash

hcm

activestream

destroyed

push request headers

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.0%

JSON

Envoy is a cloud-native, open source edge and service proxy. A crash was observed in EnvoyQuicServerStream::OnInitialHeadersComplete() with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after StopReading() being called on the stream. As after StopReading(), the HCM’s ActiveStream might have already be destroyed and any up calls from QUICHE could potentially cause use after free.

Affected configurations

Nvd

Node

envoyproxyenvoyRange<1.27.6

envoyproxyenvoyRange1.28.0–1.28.4

envoyproxyenvoyRange1.29.0–1.29.5

envoyproxyenvoyRange1.30.0–1.30.2

VendorProductVersionCPE
envoyproxyenvoy*cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
envoyproxy	envoy	*	cpe:2.3:a:envoyproxy:envoy::::::::

References

github.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.0%

JSON

Related for NVD:CVE-2024-32974

redhatcve1 veracode1 vulnrichment1 osv1 cve1 cvelist1 nessus3