CVE-2024-34364

Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*

History

11 Jun 2024, 17:20

Type Values Removed Values Added
CWE CWE-787
CVSS v2 : unknown
v3 : 5.7
v2 : unknown
v3 : 6.5
First Time Envoyproxy
Envoyproxy envoy
References () https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26 - () https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26 - Exploit, Third Party Advisory
CPE cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*

05 Jun 2024, 12:53

Type Values Removed Values Added
Summary
  • (es) Envoy es un proxy de servicio y borde de código abierto, nativo de la nube. Envoy expuso un vector de falta de memoria (OOM) de la respuesta reflejada, ya que el cliente HTTP asíncrono almacenará la respuesta en un búfer ilimitado.

04 Jun 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-04 21:15

Updated : 2024-06-11 17:20


NVD link : CVE-2024-34364

Mitre link : CVE-2024-34364

CVE.ORG link : CVE-2024-34364


JSON object : View

Products Affected

envoyproxy

  • envoy
CWE
CWE-787

Out-of-bounds Write

CWE-400

Uncontrolled Resource Consumption