U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

Vulnerability Change Records for CVE-2024-23322

Change History

New CVE Received by NIST 2/09/2024 6:15:08 PM

Action Type Old Value New Value
Added CVSS V3.1 




GitHub, Inc. AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H






Added
CWE






GitHub, Inc. CWE-416






Added
Description






Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.






Added
Reference






GitHub, Inc. https://github.com/envoyproxy/envoy/commit/843f9e6a123ed47ce139b421c14e7126f2ac685e [No types assigned]






Added
Reference






GitHub, Inc. https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38 [No types assigned]