CVE-2024-32974 – Envoy affected by a crash in EnvoyQuicServerStream::OnInitialHeadersComplete()
https://notcve.org/view.php?id=CVE-2024-32974
Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after `StopReading()` being called on the stream. As after `StopReading()`, the HCM's `ActiveStream` might have already be destroyed and any up calls from QUICHE could potentially cause use after free. Envoy es un proxy de servicio y borde de código abierto, nativo de la nube. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299 • CWE-416: Use After Free •
CVE-2024-32975 – Envoy crashes in QuicheDataReader::PeekVarInt62Length()
https://notcve.org/view.php?id=CVE-2024-32975
Envoy is a cloud-native, open source edge and service proxy. There is a crash at `QuicheDataReader::PeekVarInt62Length()`. It is caused by integer underflow in the `QuicStreamSequencerBuffer::PeekRegion()` implementation. Envoy es un proxy de servicio y borde de código abierto, nativo de la nube. Hay un bloqueo en `QuicheDataReader::PeekVarInt62Length()`. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-g9mq-6v96-cpqc • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2024-32976 – Envoy can enter an endless loop while decompressing Brotli data with extra input
https://notcve.org/view.php?id=CVE-2024-32976
Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input. Envoy es un proxy de servicio y borde de código abierto, nativo de la nube. Envoyproxy con un filtro Brotli puede entrar en un bucle sin fin durante la descompresión de datos Brotli con entrada adicional. A flaw was found in Envoy's Brotli decompressor. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-7wp5-c2vq-4f8m https://access.redhat.com/security/cve/CVE-2024-32976 https://bugzilla.redhat.com/show_bug.cgi?id=2283145 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2024-34362 – Envoy affected by a crash (use-after-free) in EnvoyQuicServerStream
https://notcve.org/view.php?id=CVE-2024-34362
Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in `HttpConnectionManager` (HCM) with `EnvoyQuicServerStream` that can crash Envoy. An attacker can exploit this vulnerability by sending a request without `FIN`, then a `RESET_STREAM` frame, and then after receiving the response, closing the connection. Envoy es un proxy de servicio y borde de código abierto, nativo de la nube. Hay un use-after-free en `HttpConnectionManager` (HCM) con `EnvoyQuicServerStream` que puede bloquear Envoy. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-hww5-43gv-35jv • CWE-416: Use After Free •
CVE-2024-34363 – Envoy can crash due to uncaught nlohmann JSON exception
https://notcve.org/view.php?id=CVE-2024-34363
Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash. Envoy es un proxy de servicio y borde de código abierto, nativo de la nube. Debido a cómo Envoy invocó la librería JSON de nlohmann, la librería podría generar una excepción no detectada de los datos posteriores si se serializaran cadenas UTF-8 incompletas. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-g979-ph9j-5gg4 • CWE-248: Uncaught Exception •