Lucene search
HistoryJun 04, 2024 - 9:15 p.m.
CVE-2024-34364
envoy
oom vulnerability
async http
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
13.5%
Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer.
Affected configurations
Node
envoyproxyenvoyRange<1.27.6
ORenvoyproxyenvoyRange1.28.0–1.28.4
ORenvoyproxyenvoyRange1.29.0–1.29.5
ORenvoyproxyenvoyRange1.30.0–1.30.2
Related
cve
cve
CVE-2024-34364
2024-06-04 21:15:34
redhatcve
redhatcve
CVE-2024-34364
2024-06-14 02:42:32
vulnrichment
vulnrichment
osv
osv
BIT-envoy-2024-34364
2024-06-06 07:17:26
cvelist
cvelist
veracode
veracode
Denial Of Service (DoS)
2024-06-07 05:23:53
nessus
nessus
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-037)
2024-06-24 00:00:00
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-647)
2024-06-24 00:00:00
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
13.5%
Related for NVD:CVE-2024-34364