#VU101845 Input validation error in envoy - CVE-2024-53269

Cybersecurity Help s.r.o.

Published: 2024-12-19 | Updated: 2024-12-23

Vulnerability identifier: #VU101845

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53269

CWE-ID: CWE-20

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
envoy
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Cloud Native Computing Foundation

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when handling additional IP addresses within the Happy Eyeballs sorting algorithm implementation. A remote user can pass a string that is not an IP address and crash the server.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

envoy: 1.30.0 - 1.32.1

External links
https://github.com/envoyproxy/envoy/pull/37743/commits/3f62168d86aceb90f743f63b50cc711710b1c401
https://github.com/envoyproxy/envoy/security/advisories/GHSA-mfqp-7mmj-rm53
https://github.com/envoyproxy/envoy/releases/tag/v1.30.9
https://github.com/envoyproxy/envoy/releases/tag/v1.31.5

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Istio update for Envoy

Denial of service in Envoy