CVE-2024-53269

MEDIUM

Envoy <1.32.2-1.30.8 - DoS

Title source: llm

Description

Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP configuration.

References (2)

[Patch] https://github.com/envoyproxy/envoy/pull/37743/commits/3f62168d86aceb90f743f63b50cc711710b1c401

[Exploit, Third Party Advisory] https://github.com/envoyproxy/envoy/security/advisories/GHSA-mfqp-7mmj-rm53

Scores

CVSS v3 4.5

EPSS 0.0001

EPSS Percentile 0.2%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-670

Status published

Affected Products (1)

envoyproxy/envoy < 1.30.8

Timeline

Published Dec 18, 2024

Tracked Since Feb 18, 2026