CVE-2024-34364

Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*

History

11 Jun 2024, 17:20

Type Values Removed Values Added
First Time Envoyproxy envoy
Envoyproxy
References () https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26 - () https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26 - Exploit, Third Party Advisory
CPE cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
CWE CWE-787
CVSS v2 : unknown
v3 : 5.7
v2 : unknown
v3 : 6.5

05 Jun 2024, 12:53

Type Values Removed Values Added
Summary
  • (es) Envoy es un proxy de servicio y borde de código abierto, nativo de la nube. Envoy expuso un vector de falta de memoria (OOM) de la respuesta reflejada, ya que el cliente HTTP asíncrono almacenará la respuesta en un búfer ilimitado.

04 Jun 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-04 21:15

Updated : 2024-06-11 17:20


NVD link : CVE-2024-34364

Mitre link : CVE-2024-34364

CVE.ORG link : CVE-2024-34364


JSON object : View

Products Affected

envoyproxy

  • envoy
CWE
CWE-787

Out-of-bounds Write

CWE-400

Uncontrolled Resource Consumption