CVE-2024-53269

MEDIUM

Envoy <1.32.2-1.30.8 - DoS

Title source: llm

Description

Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP configuration.

References (2)

[Exploit, Third Party Advisory] https://github.com/envoyproxy/envoy/security/advisories/GHSA-mfqp-7mmj-rm53

[Patch] https://github.com/envoyproxy/envoy/pull/37743/commits/3f62168d86aceb90f743f63b50cc711710b1c401

Scores

CVSS v3 4.5

EPSS 0.0002

EPSS Percentile 3.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-670

Status published

Products (1)

envoyproxy/envoy 1.30.0 - 1.30.8

Published Dec 18, 2024

Tracked Since Feb 18, 2026