CVE-2024-53271

HIGH

Envoy <1.31.5-1.32.3 - DoS

Title source: llm

Description

Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to upgrade. There are no known workarounds for this issue.

References (2)

[Exploit, Third Party Advisory] https://github.com/envoyproxy/envoy/security/advisories/GHSA-rmm5-h2wv-mg4f

[Patch] https://github.com/envoyproxy/envoy/commit/da56f6da63079baecef9183436ee5f4141a59af8

View Patch ZIP pw:eip

Scores

CVSS v3 7.1

EPSS 0.0003

EPSS Percentile 9.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-670

Status published

Products (1)

envoyproxy/envoy 1.31.0 - 1.31.5

Published Dec 18, 2024

Tracked Since Feb 18, 2026