TLS Error Handling Flaw in Envoy Proxy by Envoy Proxy Developers
CVE-2024-32475
Currently unrated
What is CVE-2024-32475?
A vulnerability in Envoy Proxy occurs when using an upstream TLS cluster with 'auto_sni' enabled, where a request containing a 'host' or ':authority' header exceeding 255 characters leads to an abnormal termination of the Envoy process. This issue arises because the SNI (Server Name Indication) length is capped at 255 characters per standard, and Envoy fails to manage the error gracefully. The process aborts unexpectedly when it encounters this failure, which can disrupt service operations. The vulnerability has been addressed in versions 1.30.1, 1.29.4, 1.28.3, and 1.27.5.