cve-2024-32475
Vulnerability from cvelistv5
Published
2024-04-18 14:18
Modified
2024-08-02 02:13
Summary
Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "envoy",
            "vendor": "envoyproxy",
            "versions": [
              {
                "lessThan": "1.27.5",
                "status": "affected",
                "version": "1.13.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-32475",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-23T19:38:07.050413Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:51:20.709Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:13:39.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj"
          },
          {
            "name": "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "envoy",
          "vendor": "envoyproxy",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.30.0, \u003c 11.30.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.29.0, \u003c 1.29.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.28.0, \u003c 1.28.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.13.0, \u003c 1.27.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-253",
              "description": "CWE-253: Incorrect Check of Function Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-617",
              "description": "CWE-617: Reachable Assertion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-18T14:18:18.947Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj"
        },
        {
          "name": "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382"
        }
      ],
      "source": {
        "advisory": "GHSA-3mh5-6q8v-25wj",
        "discovery": "UNKNOWN"
      },
      "title": "Envoy RELEASE_ASSERT using auto_sni with :authority header \u003e 255 bytes"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-32475",
    "datePublished": "2024-04-18T14:18:18.947Z",
    "dateReserved": "2024-04-12T19:41:51.167Z",
    "dateUpdated": "2024-08-02T02:13:39.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-32475\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-04-18T15:15:30.670\",\"lastModified\":\"2024-11-21T09:14:59.277\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5.\\n\"},{\"lang\":\"es\",\"value\":\"Envoy es un proxy de servicio y borde de c\u00f3digo abierto, nativo de la nube. Cuando se utiliza un cl\u00faster TLS ascendente con `auto_sni` habilitado, una solicitud que contiene un encabezado `host`/`:authority` de m\u00e1s de 255 caracteres desencadena una terminaci\u00f3n anormal del proceso de Envoy. Envoy no maneja correctamente un error al configurar SNI para la conexi\u00f3n TLS saliente. El error puede ocurrir cuando Envoy intenta usar el valor del encabezado `host`/`:authority` de m\u00e1s de 255 caracteres como SNI para la conexi\u00f3n TLS saliente. La longitud del SNI est\u00e1 limitada a 255 caracteres seg\u00fan el est\u00e1ndar. Envoy siempre espera que esta operaci\u00f3n tenga \u00e9xito y aborta el proceso de forma anormal cuando falla. Esta vulnerabilidad se solucion\u00f3 en 1.30.1, 1.29.4, 1.28.3 y 1.27.5.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-253\"},{\"lang\":\"en\",\"value\":\"CWE-617\"}]}],\"references\":[{\"url\":\"https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.