BIT-envoy-2024-45807

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/envoy/BIT-envoy-2024-45807.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-envoy-2024-45807
Aliases
  • CVE-2024-45807
Published
2024-09-21T07:10:45.353Z
Modified
2024-09-21T08:12:18.330201Z
Summary
[none]
Details

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the oghttp2 by default. The impact of this issue is that envoy will crash. This issue has been addressed in release version 1.31.2. All users are advised to upgrade. There are no known workarounds for this issue.

References

Affected packages

Bitnami / envoy

Package

Name
envoy
Purl
pkg:bitnami/envoy

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
1.31.0
Fixed
1.31.2