CVE-2024-32475
Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5.
Envoy es un proxy de servicio y borde de código abierto, nativo de la nube. Cuando se utiliza un clúster TLS ascendente con `auto_sni` habilitado, una solicitud que contiene un encabezado `host`/`:authority` de más de 255 caracteres desencadena una terminación anormal del proceso de Envoy. Envoy no maneja correctamente un error al configurar SNI para la conexión TLS saliente. El error puede ocurrir cuando Envoy intenta usar el valor del encabezado `host`/`:authority` de más de 255 caracteres como SNI para la conexión TLS saliente. La longitud del SNI está limitada a 255 caracteres según el estándar. Envoy siempre espera que esta operación tenga éxito y aborta el proceso de forma anormal cuando falla. Esta vulnerabilidad se solucionó en 1.30.1, 1.29.4, 1.28.3 y 1.27.5.
A flaw was found in Envoy, a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with "auto_sni" enabled, a request containing a "host/:authority" header longer than 255 characters triggers an abnormal termination of the Envoy process, leading to a denial of service.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-04-12 CVE Reserved
- 2024-04-18 CVE Published
- 2024-04-19 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-253: Incorrect Check of Function Return Value
- CWE-617: Reachable Assertion
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382 | X_refsource_misc | |
| https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-32475 | 2024-10-07 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2276149 | 2024-10-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Envoyproxy Search vendor "Envoyproxy" | Envoy Search vendor "Envoyproxy" for product "Envoy" | >= 1.30.0 < 11.30.1 Search vendor "Envoyproxy" for product "Envoy" and version " >= 1.30.0 < 11.30.1" | en |
Affected
| ||||||
| Envoyproxy Search vendor "Envoyproxy" | Envoy Search vendor "Envoyproxy" for product "Envoy" | >= 1.29.0 < 1.29.4 Search vendor "Envoyproxy" for product "Envoy" and version " >= 1.29.0 < 1.29.4" | en |
Affected
| ||||||
| Envoyproxy Search vendor "Envoyproxy" | Envoy Search vendor "Envoyproxy" for product "Envoy" | >= 1.28.0 < 1.28.3 Search vendor "Envoyproxy" for product "Envoy" and version " >= 1.28.0 < 1.28.3" | en |
Affected
| ||||||
| Envoyproxy Search vendor "Envoyproxy" | Envoy Search vendor "Envoyproxy" for product "Envoy" | >= 1.13.0 < 1.27.5 Search vendor "Envoyproxy" for product "Envoy" and version " >= 1.13.0 < 1.27.5" | en |
Affected
| ||||||