Use After Free

2024-06-0705:22:36

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

github

vulnerability

use-after-free

quiche

attackers

disrupt service

freed memory

hcm activestream

stopreading method

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

github.com/envoyproxy/envoy is vulnerable to a use-after-free. The vulnerability is due to QUICHE continuing to push request headers after the StopReading method is called on the stream, which can lead to accessing a destroyed HCM ActiveStream object. This allows attackers to disrupt service by manipulating the freed memory.

CPENameOperatorVersion
github.com/envoyproxy/envoylev1.27.5
github.com/envoyproxy/envoylev1.30.1
github.com/envoyproxy/envoylev1.29.4
github.com/envoyproxy/envoylev1.28.3
github.com/envoyproxy/envoylev1.27.5
github.com/envoyproxy/envoylev1.30.1
github.com/envoyproxy/envoylev1.29.4
github.com/envoyproxy/envoylev1.28.3

Name	Operator	Version
github.com/envoyproxy/envoy	le	v1.27.5
github.com/envoyproxy/envoy	le	v1.30.1
github.com/envoyproxy/envoy	le	v1.29.4
github.com/envoyproxy/envoy	le	v1.28.3
github.com/envoyproxy/envoy	le	v1.27.5
github.com/envoyproxy/envoy	le	v1.30.1
github.com/envoyproxy/envoy	le	v1.29.4
github.com/envoyproxy/envoy	le	v1.28.3