CVE-2024-32974
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Envoy is a cloud-native, open source edge and service proxy. A crash was observed in EnvoyQuicServerStream::OnInitialHeadersComplete() with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after StopReading() being called on the stream. As after StopReading(), the HCM's ActiveStream might have already be destroyed and any up calls from QUICHE could potentially cause use after free.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| envoyproxy | envoy | >= 1.30.0, <= 11.30.1 | affected |
| envoyproxy | envoy | >= 1.29.0, <= 1.29.4 | affected |
| envoyproxy | envoy | >= 1.28.0, <= 1.28.3 | affected |
| envoyproxy | envoy | <= 1.27.5 | affected |
Weaknesses
- CWE-416: CWE-416: Use After Free
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.