GitHub_MVULNRICHMENT:CVE-2024-34364CVE-2024-34364 Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response
5.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
7.3 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
13.5%
Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer.
CNA Affected
[
{
"vendor": "envoyproxy",
"product": "envoy",
"versions": [
{
"version": ">= 1.30.0, <= 11.30.1",
"status": "affected"
},
{
"version": ">= 1.29.0, <= 1.29.4",
"status": "affected"
},
{
"version": ">= 1.28.0, <= 1.28.3",
"status": "affected"
},
{
"version": "<= 1.27.5",
"status": "affected"
}
]
}
]Related
5.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
7.3 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
13.5%