5 matches found
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Envoy denial of service vulnerabilitiy(CVE-2024-32475).
Summary Potential Envoy denial of service vulnerabilitiyCVE-2024-32475 has been identified that affects IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-32475 DESCRIPTION: Envoy is vulnerable to a...
CVE-2024-32475
A flaw was found in Envoy, a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with "autosni" enabled, a request containing a "host/:authority" header longer than 255 characters triggers an abnormal termination of the Envoy process, leading to a denial of...
CVE-2024-32475
CVE-2024-32475 affects Envoy when an upstream TLS cluster uses auto_sni and a host/:authority header longer than 255 characters is used as SNI. The vulnerability is triggered by attempting to set SNI to a value exceeding the 255-char limit, causing Envoy to abort abnormally instead of handling th...
CVE-2024-32475 Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes
Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with autosni enabled, a request containing a host/:authority header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when settin...
CVE-2024-32475 Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes
Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with autosni enabled, a request containing a host/:authority header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when settin...