CVE-2024-53271

HIGH

Envoy 1.31.0-1.31.4 - Denial of Service via HTTP 1.1 Non-101 1xx Response Handling

Title source: llm

Description

Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to upgrade. There are no known workarounds for this issue.

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_confirm

https://github.com/envoyproxy/envoy/security/advisories/GHSA-rmm5-h2wv-mg4f

Patch x_refsource_misc

https://github.com/envoyproxy/envoy/commit/da56f6da63079baecef9183436ee5f4141a59af8

View Patch ZIP pw:eip

Scores

CVSS v3 7.1

EPSS 0.0060

EPSS Percentile 43.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-670

Status published

Products (1)

envoyproxy/envoy 1.31.0 - 1.31.5

Published Dec 18, 2024

Tracked Since Feb 18, 2026