Vulnerability Description
Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP configuration.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Envoyproxy | Envoy | >= 1.30.0, < 1.30.8 |
Related Weaknesses (CWE)
References
- https://github.com/envoyproxy/envoy/pull/37743/commits/3f62168d86aceb90f743f63b5Patch
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-mfqp-7mmj-rm53ExploitThird Party Advisory
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-mfqp-7mmj-rm53ExploitThird Party Advisory
FAQ
What is CVE-2024-53269?
CVE-2024-53269 is a vulnerability with a CVSS score of 4.5 (MEDIUM). Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has bee...
How severe is CVE-2024-53269?
CVE-2024-53269 has been rated MEDIUM with a CVSS base score of 4.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-53269?
Check the references section above for vendor advisories and patch information. Affected products include: Envoyproxy Envoy.