Lucene search
GoogleOSV:BIT-ENVOY-2024-34364HistoryJun 06, 2024 - 7:17 a.m.
BIT-envoy-2024-34364
2024-06-0607:17:26
Google
osv.dev
26
envoy
oom
vulnerability
async
http
buffer
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
7
Confidence
High
EPSS
0
Percentile
13.3%
Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer.
Related
vulnrichment
vulnrichment
redhatcve
redhatcve
CVE-2024-34364
2024-06-14 02:42:32
cve
cve
CVE-2024-34364
2024-06-04 21:15:34
veracode
veracode
Denial Of Service (DoS)
2024-06-07 05:23:53
cvelist
cvelist
nvd
nvd
CVE-2024-34364
2024-06-04 21:15:34
nessus
nessus
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-037)
2024-06-24 00:00:00
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-647)
2024-06-24 00:00:00
Tenable.ad < 3.59.5 Multiple Vulnerabilities (TNS-2024-11)
2024-07-08 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
7
Confidence
High
EPSS
0
Percentile
13.3%
Related for OSV:BIT-ENVOY-2024-34364