BIT-envoy-2024-45807
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/envoy/BIT-envoy-2024-45807.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-envoy-2024-45807
- Aliases
-
- CVE-2024-45807
- GHSA-qc52-r4x5-9w37
- Published
- 2024-09-21T07:10:45.353Z
- Modified
- 2025-05-20T10:02:07.006Z
- Summary
- oghttp2 crash on OnBeginHeadersForStream in envoy
- Details
-
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using
oghttpas the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off theoghttp2by default. The impact of this issue is that envoy will crash. This issue has been addressed in release version 1.31.2. All users are advised to upgrade. There are no known workarounds for this issue. - Database specific
{ "severity": "High", "cpes": [ "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*" ] }- References
Affected packages
Bitnami / envoy
Package
- Name
- envoy
- Purl
- pkg:bitnami/envoy
Severity
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator