CVE-2024-45807

Опубликовано: 20 сент. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the oghttp2 by default. The impact of this issue is that envoy will crash. This issue has been addressed in release version 1.31.2. All users are advised to upgrade. There are no known workarounds for this issue.

Ссылки

https://github.com/envoyproxy/envoy/security/advisories/GHSA-qc52-r4x5-9w37
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*

Версия от 1.31.0 (включая) до 1.31.2 (исключая)

EPSS

Процентиль: 24%

0.00079

Низкий

7.5 High

CVSS3

Дефекты

CWE-670

NVD-CWE-noinfo

Связанные уязвимости

CVE-2024-45807

CVSS3: 7.5

redhat

больше 1 года назад

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the `oghttp2` by default. The impact of this issue is that envoy will crash. This issue has been addressed in release version 1.31.2. All users are advised to upgrade. There are no known workarounds for this issue.

CVE-2024-45807

CVSS3: 7.5

debian

больше 1 года назад

Envoy is a cloud-native high-performance edge/middle/service proxy. En ...

EPSS

Процентиль: 24%

0.00079

Низкий

7.5 High

CVSS3

Дефекты

CWE-670

NVD-CWE-noinfo