CVE-2024-32975 Envoy crashes in QuicheDataReader::PeekVarInt62Length()

2024-06-0421:00:03

CWE-191

GitHub_M

github.com

envoy

quichedatareader

peekvarint62length

integer underflow

quicstreamsequencerbuffer

peekregion

security vulnerability

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

Low

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

partial

JSON

Envoy is a cloud-native, open source edge and service proxy. There is a crash at QuicheDataReader::PeekVarInt62Length(). It is caused by integer underflow in the QuicStreamSequencerBuffer::PeekRegion() implementation.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
    ],
    "vendor": "envoyproxy",
    "product": "envoy",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "1.27.5"
      },
      {
        "status": "affected",
        "version": "1.28.0",
        "versionType": "custom",
        "lessThanOrEqual": "1.28.3"
      },
      {
        "status": "affected",
        "version": "1.29.0",
        "versionType": "custom",
        "lessThanOrEqual": "1.29.4"
      },
      {
        "status": "affected",
        "version": "1.30.0",
        "versionType": "custom",
        "lessThanOrEqual": "1.30.1"
      }
    ],
    "defaultStatus": "unknown"
  }
]