GitHub_MVULNRICHMENT:CVE-2024-32976CVE-2024-32976 Envoy can enter an endless loop while decompressing Brotli data with extra input
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
partial
Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
],
"vendor": "envoyproxy",
"product": "envoy",
"versions": [
{
"status": "affected",
"version": "1.30.0",
"versionType": "custom",
"lessThanOrEqual": "1.30.1"
},
{
"status": "affected",
"version": "1.29.0",
"versionType": "custom",
"lessThanOrEqual": "1.29.4"
},
{
"status": "affected",
"version": "1.28.0",
"versionType": "custom",
"lessThanOrEqual": "1.28.3"
},
{
"status": "affected",
"version": "1.18.0",
"versionType": "custom",
"lessThanOrEqual": "1.27.5"
}
],
"defaultStatus": "unknown"
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
partial