CVE-2024-32475

Summary

Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with auto_sni enabled, a request containing a host/:authority header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the host/:authority header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5.

Affected Software

VendorProductVersion RangeStatus
envoyproxyenvoy>= 1.30.0, < 11.30.1affected
envoyproxyenvoy>= 1.29.0, < 1.29.4affected
envoyproxyenvoy>= 1.28.0, < 1.28.3affected
envoyproxyenvoy>= 1.13.0, < 1.27.5affected

Weaknesses

  • CWE-253: CWE-253: Incorrect Check of Function Return Value
  • CWE-617: CWE-617: Reachable Assertion

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References