2 matches found
CVE-2024-32974 Envoy affected by a crash in EnvoyQuicServerStream::OnInitialHeadersComplete()
Envoy is a cloud-native, open source edge and service proxy. A crash was observed in EnvoyQuicServerStream::OnInitialHeadersComplete with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after StopReading being called on the stream. As after StopReadin...
CVE-2024-32974
CVE-2024-32974 is a use-after-free in Envoy’s QUIC stack. A crash occurs in EnvoyQuicServerStream::OnInitialHeadersComplete() because QUICHE may push request headers after StopReading() and the HCM ActiveStream has been destroyed, risking use-after-free when QUICHE makes up calls. This can crash ...