6.5
CVE-2024-34364
- EPSS 0.47%
- Veröffentlicht 04.06.2024 21:15:34
- Zuletzt bearbeitet 21.11.2024 09:18:30
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response
Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Envoyproxy ≫ Envoy Version < 1.27.6
Envoyproxy ≫ Envoy Version >= 1.28.0 < 1.28.4
Envoyproxy ≫ Envoy Version >= 1.29.0 < 1.29.5
Envoyproxy ≫ Envoy Version >= 1.30.0 < 1.30.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.368 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| security-advisories@github.com | 5.7 | 2.1 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26