CVE-2024-23322

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 9, 2024
Updated: Feb 15, 2024
CWE ID 416

Summary

CVE-2024-23322 affects Envoy, a high-performance edge/middle/service proxy. Envoy crashes when certain per-try timeouts fire within the same interval. The crash requires all of the following on a route: hedge_on_per_try_timeout is enabled; per_try_idle_timeout is enabled (it can only be set in configuration); and a per-try timeout is enabled, either through configuration or through request headers, with a value equal to, or within the retry back-off interval of, the per_try_idle_timeout. The issue is fixed in Envoy releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. There are no known workarounds; users are advised to upgrade.
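The three conditions above can be checked against a route configuration before upgrading, to see which routes are exposed. The following is an added example, not Envoy project code and not part of the original advisory. It assumes the configuration has already been loaded into a dict (for example with yaml.safe_load), that Duration fields use the protobuf JSON form "1.5s", that "within the backoff interval" is read conservatively as the retry back-off max_interval (Envoy's documented defaults: 25ms base_interval, max_interval of 10x base), and that a route without a configured per_try_timeout is still reachable because a client can supply x-envoy-upstream-rq-per-try-timeout-ms. The sample RouteConfiguration is constructed for illustration.

```python
"""Flag Envoy routes whose hedge/retry settings match the CVE-2024-23322 trigger.

Added example; not Envoy's own code. Works on a RouteConfiguration loaded as a dict.
"""
from typing import Optional

# Envoy defaults for RetryPolicy.retry_back_off when it is not configured.
DEFAULT_BASE_INTERVAL_S = 0.025
DEFAULT_MAX_MULTIPLIER = 10  # max_interval defaults to 10x base_interval


def parse_duration(value: Optional[str]) -> Optional[float]:
    """Parse a protobuf JSON Duration string such as "5s" or "0.025s" into seconds."""
    if value is None:
        return None
    if not isinstance(value, str) or not value.endswith("s"):
        raise ValueError(f"unsupported Duration encoding: {value!r}")
    return float(value[:-1])


def backoff_window(retry_policy: dict) -> float:
    """Return the retry back-off max interval in seconds, applying Envoy defaults."""
    back_off = retry_policy.get("retry_back_off", {})
    base = parse_duration(back_off.get("base_interval")) or DEFAULT_BASE_INTERVAL_S
    max_interval = parse_duration(back_off.get("max_interval"))
    return max_interval if max_interval is not None else base * DEFAULT_MAX_MULTIPLIER


def check_route_action(action: dict, vhost: dict) -> Optional[str]:
    """Return a reason if the RouteAction (with VirtualHost fallbacks) matches, else None."""
    hedge = action.get("hedge_policy") or vhost.get("hedge_policy") or {}
    if not hedge.get("hedge_on_per_try_timeout", False):
        return None  # condition 1 not met
    retry = action.get("retry_policy") or vhost.get("retry_policy") or {}
    idle = parse_duration(retry.get("per_try_idle_timeout"))
    if idle is None:
        return None  # condition 2 not met; this field is configuration-only
    window = backoff_window(retry)
    per_try = parse_duration(retry.get("per_try_timeout"))
    if per_try is None:
        # Condition 3 can still be met at request time: a client may send
        # x-envoy-upstream-rq-per-try-timeout-ms with a value near the idle timeout.
        return (f"per_try_timeout unset: a request header can place it within "
                f"{window:.3f}s of per_try_idle_timeout={idle}s")
    if abs(per_try - idle) <= window:
        return (f"per_try_timeout={per_try}s is within the {window:.3f}s back-off "
                f"window of per_try_idle_timeout={idle}s")
    return None


def scan_route_configuration(route_config: dict) -> list:
    """Walk virtual_hosts/routes and collect (route name, reason) for every match."""
    findings = []
    for vhost in route_config.get("virtual_hosts", []):
        for route in vhost.get("routes", []):
            action = route.get("route")  # redirect/direct_response routes have no RouteAction
            if not action:
                continue
            reason = check_route_action(action, vhost)
            if reason:
                findings.append((route.get("name", "<unnamed>"), reason))
    return findings


# Constructed sample RouteConfiguration (not from a real deployment).
SAMPLE_ROUTE_CONFIG = {
    "name": "local_route",
    "virtual_hosts": [{
        "name": "backend", "domains": ["*"],
        "routes": [
            {"name": "hedged-equal", "match": {"prefix": "/a"},
             "route": {"cluster": "api",
                       "hedge_policy": {"hedge_on_per_try_timeout": True},
                       "retry_policy": {"retry_on": "5xx", "num_retries": 2,
                                        "per_try_timeout": "1s",
                                        "per_try_idle_timeout": "1s"}}},
            {"name": "hedged-header-reachable", "match": {"prefix": "/b"},
             "route": {"cluster": "api",
                       "hedge_policy": {"hedge_on_per_try_timeout": True},
                       "retry_policy": {"retry_on": "5xx",
                                        "per_try_idle_timeout": "2s"}}},
            {"name": "hedged-far-apart", "match": {"prefix": "/c"},
             "route": {"cluster": "api",
                       "hedge_policy": {"hedge_on_per_try_timeout": True},
                       "retry_policy": {"retry_on": "5xx", "per_try_timeout": "5s",
                                        "per_try_idle_timeout": "1s",
                                        "retry_back_off": {"base_interval": "0.1s"}}}},
            {"name": "no-hedging", "match": {"prefix": "/d"},
             "route": {"cluster": "api",
                       "retry_policy": {"retry_on": "5xx", "per_try_timeout": "1s",
                                        "per_try_idle_timeout": "1s"}}},
            {"name": "hedged-near", "match": {"prefix": "/e"},
             "route": {"cluster": "api",
                       "hedge_policy": {"hedge_on_per_try_timeout": True},
                       "retry_policy": {"retry_on": "5xx", "per_try_timeout": "1.2s",
                                        "per_try_idle_timeout": "1s",
                                        "retry_back_off": {"base_interval": "0.1s",
                                                           "max_interval": "0.5s"}}}},
        ],
    }],
}

if __name__ == "__main__":
    for name, reason in scan_route_configuration(SAMPLE_ROUTE_CONFIG):
        print(f"{name}: {reason}")
```

The check only tells you which routes can reach the crash condition; the fix remains upgrading to a patched release, since the advisory lists no configuration workaround.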
