CVE-2024-53271

HIGH

Envoy <1.31.5-1.32.3 - DoS

Title source: llm

Description

Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to upgrade. There are no known workarounds for this issue.

References (2)

Scores

CVSS v3 7.1
EPSS 0.0001
EPSS Percentile 0.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Classification

CWE
CWE-670
Status published

Affected Products (1)

envoyproxy/envoy < 1.31.5

Timeline

Published Dec 18, 2024
Tracked Since Feb 18, 2026