exploitDog

CVE-2024-45810

Published: 20 Sep 2024
Source: redhat
CVSS3: 7.5

Description

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the HTTP async client is handling sendLocalReply under some circumstances, e.g., websocket upgrade and request mirroring. The HTTP async client will crash during sendLocalReply(): one reason is that the HTTP async client is duplicating the status code; another is that the destroy of the router is called in the destructor of the async stream, while the stream is deferred deleted at first. As a result, the stream decoder is destroyed but its reference is still called in router.onDestroy(), causing a segmentation fault. This will impact ext_authz if the upgrade and connection headers are allowed, and request mirroring. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

A flaw was found in Envoy. Envoy will crash when the HTTP async client is handling sendLocalReply under some circumstances, such as websocket upgrade and request mirroring. The HTTP async client will crash during sendLocalReply() if the HTTP async client is duplicating the status code or if the destruction of the router is called at the destructor of the async stream while the stream is deferred or deleted. This issue occurs when the stream decoder is destroyed but its reference is called in router.onDestroy(), causing a segmentation fault. This will impact ext_authz if the upgrade and connection headers are allowed.

Report

The vulnerability in Envoy related to the HTTP async client crashing during sendLocalReply() is classified as moderate severity rather than important because the crash is contingent on particular scenarios, such as websocket upgrades and request mirroring, which may not be common in all deployments. Additionally, while the segmentation fault can disrupt service, it does not compromise data integrity or expose sensitive information.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| OpenShift Service Mesh 2 | openshift-service-mesh/proxyv2-rhel8 | Affected | | |
| Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | openshift-service-mesh/grafana-rhel8 | Fixed | RHSA-2024:7726 | 07.10.2024 |
| Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | openshift-service-mesh/istio-cni-rhel8 | Fixed | RHSA-2024:7726 | 07.10.2024 |
| Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | openshift-service-mesh/istio-must-gather-rhel8 | Fixed | RHSA-2024:7726 | 07.10.2024 |
| Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | openshift-service-mesh/istio-rhel8-operator | Fixed | RHSA-2024:7726 | 07.10.2024 |
| Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | openshift-service-mesh/kiali-ossmc-rhel8 | Fixed | RHSA-2024:7726 | 07.10.2024 |
| Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | openshift-service-mesh/kiali-rhel8 | Fixed | RHSA-2024:7726 | 07.10.2024 |
| Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | openshift-service-mesh/kiali-rhel8-operator | Fixed | RHSA-2024:7726 | 07.10.2024 |
| Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | openshift-service-mesh/pilot-rhel8 | Fixed | RHSA-2024:7726 | 07.10.2024 |
| Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | openshift-service-mesh/ratelimit-rhel8 | Fixed | RHSA-2024:7726 | 07.10.2024 |

Additional information

Status: Moderate
Defect: CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=2313687 envoy: Envoy crashes for `LocalReply` in HTTP async client

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 6.5
nvd
more than 1 year ago

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the HTTP async client is handling `sendLocalReply` under some circumstances, e.g., websocket upgrade and request mirroring. The HTTP async client will crash during `sendLocalReply()`: one reason is that the HTTP async client is duplicating the status code; another is that the destroy of the router is called in the destructor of the async stream, while the stream is deferred deleted at first. As a result, the stream decoder is destroyed but its reference is still called in `router.onDestroy()`, causing a segmentation fault. This will impact ext_authz if the `upgrade` and `connection` headers are allowed, and request mirroring. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS3: 6.5
debian
more than 1 year ago

Envoy is a cloud-native high-performance edge/middle/service proxy. En ...
