Multiple vulnerabilities in Envoy



Published: 2024-09-20
Risk: Medium
Patch available: YES
Number of vulnerabilities: 5
CVE-ID: CVE-2024-45807, CVE-2024-45808, CVE-2024-45806, CVE-2024-45809, CVE-2024-45810
CWE-ID: CWE-399, CWE-117, CWE-20, CWE-476
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: envoy (Server applications / IDS/IPS systems, Firewalls and proxy servers)

Vendor: Cloud Native Computing Foundation

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Resource management error

EUVDB-ID: #VU97627

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-45807

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper stream management when using Oghttp with the default HTTP/2 codec. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

envoy: 1.31.0 - 1.31.1

External links

http://github.com/envoyproxy/envoy/security/advisories/GHSA-qc52-r4x5-9w37


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Output Neutralization for Logs

EUVDB-ID: #VU97626

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-45808

CWE-ID: CWE-117 - Improper Output Neutralization for Logs

Exploit availability: No

Description

The vulnerability allows a remote attacker to inject arbitrary content into the log files.

The vulnerability exists due to insufficient validation of the REQUESTED_SERVER_NAME field. A remote attacker can inject unexpected content into access logs.
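The general CWE-117 defence for a client-supplied server name, as an added illustration (not Envoy's code or its fix): validate the value against hostname syntax and escape control characters and quotes before it reaches a line-oriented log. The log line layout, the `sni_invalid` flag and the function names are assumptions.

```python
import re

# DNS hostname labels (RFC 1123); anything else is logged but flagged.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"(?:{_LABEL}\.)*{_LABEL}\.?")


def is_valid_server_name(value: str) -> bool:
    """True if value is a syntactically valid hostname of legal length."""
    return 0 < len(value) <= 253 and _HOSTNAME.fullmatch(value) is not None


def neutralize(value: str) -> str:
    """Escape characters that could forge a field or a line in a text log."""
    out = []
    for ch in value:
        code = ord(ch)
        if ch in ('\\', '"'):
            out.append("\\" + ch)
        elif code < 0x20 or 0x7F <= code <= 0x9F:
            out.append(f"\\x{code:02x}")
        elif ch in "\u2028\u2029":
            out.append(f"\\u{code:04x}")
        else:
            out.append(ch)
    return "".join(out)


def access_log_line(ts: str, server_name: str, status: int) -> str:
    """Hypothetical single-line record with a quoted server-name field."""
    flag = "" if is_valid_server_name(server_name) else " sni_invalid=1"
    return f'{ts} sni="{neutralize(server_name)}" status={status}{flag}'


# Constructed samples: an ordinary name, and one carrying a quote and a newline.
SAMPLES = [
    "api.example.com",
    'a.example.com"\n2024-09-20T00:00:01Z sni="b.example.com" status=200',
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(access_log_line("2024-09-20T00:00:00Z", name, 200))
```

The second sample stays on one log line with its quote and newline escaped, and the `sni_invalid=1` flag gives detection rules something to alert on.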

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

envoy: 1.0.0 - 1.31.1

External links

http://github.com/envoyproxy/envoy/security/advisories/GHSA-p222-xhp9-39rc


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU97625

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-45806

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists because the software treats all RFC1918 private address ranges as internal. A remote attacker can manipulate Envoy headers and gain unauthorized access or perform other malicious actions within the mesh.
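A simplified model of the trust decision described above, added here as an illustration (not Envoy's code): it contrasts treating every RFC1918 source as internal with treating only operator-listed CIDR ranges as internal, and drops `x-envoy-` prefixed request headers from sources that are not internal. The function names, the sample CIDR and the header handling are assumptions.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def in_any(addr: str, networks) -> bool:
    """True if addr falls inside any of the given networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in networks)


def is_internal_broad(addr: str) -> bool:
    """Rule the bulletin describes: any RFC1918 source counts as internal."""
    return in_any(addr, RFC1918)


def make_internal_check(trusted_cidrs):
    """Narrow rule: only the operator's own ranges count as internal."""
    nets = [ipaddress.ip_network(c, strict=True) for c in trusted_cidrs]
    return lambda addr: in_any(addr, nets)


def sanitize_headers(headers: dict, source_is_internal: bool) -> dict:
    """Drop x-envoy-* request headers unless the source is internal."""
    if source_is_internal:
        return dict(headers)
    return {k: v for k, v in headers.items()
            if not k.lower().startswith("x-envoy-")}


def audit(sources, trusted_cidrs):
    """List sources the broad rule trusts but the narrow rule does not."""
    narrow = make_internal_check(trusted_cidrs)
    return [s for s in sources if is_internal_broad(s) and not narrow(s)]


# Constructed sample: a mesh that really lives in 10.20.0.0/16 only.
MESH_CIDRS = ["10.20.0.0/16"]
SOURCES = ["10.20.3.7", "192.168.1.50", "172.16.9.9", "203.0.113.10"]

if __name__ == "__main__":
    print(audit(SOURCES, MESH_CIDRS))
```

Running `audit` over observed downstream addresses shows which peers would keep their `x-envoy-` headers only because of the broad rule.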

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

envoy: 1.0.0 - 1.31.1

External links

http://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU97624

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-45809

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the JWT filter. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

envoy: 1.29.0 - 1.31.1

External links

http://github.com/envoyproxy/envoy/security/advisories/GHSA-wqr5-qmq7-3qw3


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Resource management error

EUVDB-ID: #VU97623

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-45810

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the HTTP async client when handling sendLocalReply in WebSocket upgrade requests. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

envoy: 1.0.0 - 1.31.1

External links

http://github.com/envoyproxy/envoy/security/advisories/GHSA-qm74-x36m-555q


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


