CVE-2024-32974

Опубликовано: 04 июн. 2024

Источник: nvd

CVSS3: 5.9

CVSS3: 7.5

EPSS Низкий

Описание

Envoy is a cloud-native, open source edge and service proxy. A crash was observed in EnvoyQuicServerStream::OnInitialHeadersComplete() with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after StopReading() being called on the stream. As after StopReading(), the HCM's ActiveStream might have already be destroyed and any up calls from QUICHE could potentially cause use after free.

Ссылки

https://github.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299
Exploit
Third Party Advisory
https://github.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*

Версия до 1.27.6 (исключая)

cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*

Версия от 1.28.0 (включая) до 1.28.4 (исключая)

cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*

Версия от 1.29.0 (включая) до 1.29.5 (исключая)

cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*

Версия от 1.30.0 (включая) до 1.30.2 (исключая)

EPSS

Процентиль: 8%

0.00028

Низкий

5.9 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-416

Связанные уязвимости

CVE-2024-32974

CVSS3: 5.9

redhat

больше 1 года назад

Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after `StopReading()` being called on the stream. As after `StopReading()`, the HCM's `ActiveStream` might have already be destroyed and any up calls from QUICHE could potentially cause use after free.

CVE-2024-32974

CVSS3: 5.9

debian

больше 1 года назад

Envoy is a cloud-native, open source edge and service proxy. A crash w ...

EPSS

Процентиль: 8%

0.00028

Низкий

5.9 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-416