CVE-2024-32974

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-32974

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32974.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-32974

Aliases

BIT-envoy-2024-32974

Related

GHSA-mgxp-7hhp-8299

Published

2024-06-04T21:15:33Z

Modified

2025-02-19T02:57:32.987649Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Envoy is a cloud-native, open source edge and service proxy. A crash was observed in EnvoyQuicServerStream::OnInitialHeadersComplete() with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after StopReading() being called on the stream. As after StopReading(), the HCM's ActiveStream might have already be destroyed and any up calls from QUICHE could potentially cause use after free.

References

https://github.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299

Affected packages

Git / github.com/envoyproxy/envoy

Affected ranges

Type: GIT
Repo: https://github.com/envoyproxy/envoy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

84d6d3ae2d687626e9fa0dd6560acc6107ac4c2c

Affected versions

v1.*

v1.0.0

v1.1.0

v1.10.0

v1.11.0

v1.12.0

v1.13.0

v1.14.0

v1.15.0

v1.16.0

v1.17.0

v1.18.0

v1.18.1

v1.18.2

v1.19.0

v1.2.0

v1.20.0

v1.21.0

v1.22.0

v1.23.0

v1.24.0

v1.25.0

v1.26.0

v1.27.0

v1.27.1

v1.27.2

v1.27.3

v1.27.4

v1.27.5

v1.3.0

v1.4.0

v1.5.0

v1.6.0

v1.7.0

v1.8.0

v1.9.0