Lucene search
HistoryJun 04, 2024 - 9:15 p.m.
CVE-2024-32975
envoy
cloud-native
proxy
crash
integer underflow
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
17.1%
Envoy is a cloud-native, open source edge and service proxy. There is a crash at QuicheDataReader::PeekVarInt62Length(). It is caused by integer underflow in the QuicStreamSequencerBuffer::PeekRegion() implementation.
Affected configurations
Node
envoyproxyenvoyRange<1.27.6
ORenvoyproxyenvoyRange1.28.0–1.28.4
ORenvoyproxyenvoyRange1.29.0–1.29.5
ORenvoyproxyenvoyRange1.30.0–1.30.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| envoyproxy | envoy | * | cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:* |
Related
vulnrichment
vulnrichment
CVE-2024-32975 Envoy crashes in QuicheDataReader::PeekVarInt62Length()
2024-06-04 21:00:03
osv
osv
BIT-envoy-2024-32975
2024-06-06 07:18:33
cve
cve
CVE-2024-32975
2024-06-04 21:15:33
redhatcve
redhatcve
CVE-2024-32975
2024-06-14 02:12:33
veracode
veracode
Integer Underflow
2024-06-06 08:19:38
cvelist
cvelist
CVE-2024-32975 Envoy crashes in QuicheDataReader::PeekVarInt62Length()
2024-06-04 21:00:03
nessus
nessus
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-037)
2024-06-24 00:00:00
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-647)
2024-06-24 00:00:00
Tenable.ad < 3.59.5 Multiple Vulnerabilities (TNS-2024-11)
2024-07-08 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
17.1%
Related for NVD:CVE-2024-32975