ISTIO-SECURITY-2024-001
CVEs reported by Envoy.
Disclosure Details | |
---|---|
CVE(s) | CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327 |
CVSS Impact Score | 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N) |
Affected Releases | All releases prior to 1.19.0; 1.19.0 to 1.19.6; 1.20.0 to 1.20.2 |
CVE
Envoy CVEs
Note: At the time of publishing, the below security advisories have not yet been published, but should be published shortly.
- CVE-2024-23322: (CVSS Score 7.5, High): Envoy crashes when idle and request per try timeout occur within the backoff interval.
- CVE-2024-23323: (CVSS Score 4.3, Moderate): Excessive CPU usage when URI template matcher is configured using regex.
- CVE-2024-23324: (CVSS Score 8.6, High): Ext auth can be bypassed when Proxy protocol filter sets invalid UTF-8 metadata.
- CVE-2024-23325: (CVSS Score 7.5, High): Envoy crashes when using an address type that isn’t supported by the OS.
- CVE-2024-23327: (CVSS Score 7.5, High): Crash in proxy protocol when command type of LOCAL.
Am I Impacted?
The majority of exploitable behavior is related to the use of PROXY Protocol, primarily used in gateway scenarios. If you or your users have PROXY Protocol enabled, either via EnvoyFilter or proxy config annotations, there is potential exposure.
Aside from the use of PROXY protocol, the usage of the %DOWNSTREAM_PEER_IP_SAN% command operator for access logs has potential exposure.
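
One way to check exported configuration for the exposure conditions above and a version against the affected ranges, as an added example that is not part of the advisory or of Istio's tooling. It assumes manifests saved as YAML text and treats the strings `envoy.filters.listener.proxy_protocol` and `gatewayTopology` with `proxyProtocol` as the markers of PROXY protocol being enabled; the sample resources are constructed.

```python
import re

def is_affected_version(version):  # ranges from the advisory's "Affected Releases" row
    v = tuple(map(int, re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups()))
    return v <= (1, 19, 6) or (1, 20, 0) <= v <= (1, 20, 2)

INDICATORS = {  # heuristic text matches (assumed markers) for "Am I Impacted?"
    "PROXY protocol via EnvoyFilter": re.compile(r"envoy\.filters\.listener\.proxy_protocol"),
    "PROXY protocol via proxy config": re.compile(r"gatewayTopology[\s\S]{0,80}?proxyProtocol"),
    "DOWNSTREAM_PEER_IP_SAN in access log": re.compile(r"%DOWNSTREAM_PEER_IP_SAN%"),
}

def scan_manifests(text):
    """Return (kind/name, finding) pairs for every YAML document that matches."""
    findings = []
    for doc in re.split(r"(?m)^---\s*$", text):
        kind = re.search(r"(?m)^kind:\s*(\S+)", doc)
        name = re.search(r"(?m)^  name:\s*(\S+)", doc)
        resource = f"{kind.group(1) if kind else '?'}/{name.group(1) if name else '?'}"
        findings += [(resource, why) for why, rx in INDICATORS.items() if rx.search(doc)]
    return findings

# Constructed sample manifests (not from the advisory); names are hypothetical.
SAMPLE = """\
kind: EnvoyFilter
metadata:
  name: ingress-proxy-protocol
spec:
  configPatches:
  - patch: {value: {listener_filters: [{name: envoy.filters.listener.proxy_protocol}]}}
---
kind: Pod
metadata:
  name: edge-gateway
  annotations:
    proxy.istio.io/config: '{"gatewayTopology": {"proxyProtocol": {}}}'
---
kind: ConfigMap
metadata:
  name: istio
data:
  mesh: 'accessLogFormat: "%DOWNSTREAM_PEER_IP_SAN% %RESPONSE_CODE%"'
---
kind: Service
metadata:
  name: reviews
"""

if __name__ == "__main__":
    print(*scan_manifests(SAMPLE), sep="\n")
```

A match only shows that the setting is present in the exported text; whether it is reachable still depends on which listeners and gateways the resource applies to.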