We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-53270

HTTP/1: sending overload crashes when the request is reset beforehand in envoy



Description

Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverloadError` is going to assume the active request exists when `envoy.load_shed_points.http1_server_abort_dispatch` is configured. If `active_request` is nullptr, only onMessageBeginImpl() is called. However, the `onMessageBeginImpl` will directly return ok status if the stream is already reset leading to the nullptr reference. The downstream reset can actually happen during the H/2 upstream reset. As a result envoy may crash. This issue has been addressed in releases 1.32.3, 1.31.5, 1.30.9, and 1.29.12. Users are advised to upgrade. Users unable to upgrade may disable `http1_server_abort_dispatch` load shed point and/or use a high threshold.

Reserved 2024-11-19 | Published 2024-12-18 | Updated 2024-12-18 | Assigner GitHub_M


HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-670: Always-Incorrect Control Flow Implementation

Product status

>= 1.32.0, < 1.32.3
affected

>= 1.31.0, < 1.31.5
affected

>= 1.30.0, < 1.30.9
affected

< 1.29.12
affected

References

github.com/.../envoy/security/advisories/GHSA-q9qv-8j52-77p3

github.com/...mmits/6cf8afda956ba67c9afad185b962325a5242ef02

cve.org (CVE-2024-53270)

nvd.nist.gov (CVE-2024-53270)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-53270

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.