7.5
CVE-2024-53269
- EPSS 0.02%
- Veröffentlicht 18.12.2024 20:15:24
- Zuletzt bearbeitet 28.08.2025 14:41:52
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting in envoy
Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP configuration.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Envoyproxy ≫ Envoy Version >= 1.30.0 < 1.30.8
Envoyproxy ≫ Envoy Version >= 1.31.0 < 1.31.4
Envoyproxy ≫ Envoy Version >= 1.32.0 < 1.32.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.041 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| security-advisories@github.com | 4.5 | 0.9 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
|
CWE-670 Always-Incorrect Control Flow Implementation
The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.