CVE-2024-53269

MEDIUM

Envoy 1.30.0-1.30.7 - Denial of Service via Happy Eyeballs Address Sorting

Title source: llm

Description

Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP configuration.

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_confirm

https://github.com/envoyproxy/envoy/security/advisories/GHSA-mfqp-7mmj-rm53

Patch x_refsource_misc

https://github.com/envoyproxy/envoy/pull/37743/commits/3f62168d86aceb90f743f63b50cc711710b1c401

Scores

CVSS v3 4.5

EPSS 0.0066

EPSS Percentile 46.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-670

Status published

Products (1)

envoyproxy/envoy 1.30.0 - 1.30.8

Published Dec 18, 2024

Tracked Since Feb 18, 2026