Endless Loop in Brotli Decompression Affects Envoyproxy
CVE-2024-32976

7.5HIGH

Key Information:

Vendor: Envoy
Status: Envoy
Vendor: CVE Published:; 4 June 2024

Badges

📰 News Worthy

What is CVE-2024-32976?

A vulnerability exists in Envoy Proxy, an open-source edge and service proxy widely used in cloud-native architectures. When utilizing the Brotli filter, the system can enter into an endless loop during the decompression process of Brotli data that contains additional input. This can lead to unresponsive behavior, affecting the service continuity and user experience. Mitigating this vulnerability is crucial for maintaining robust application performance and security.

News Articles

prophaze.com

CVE-2024-4295 CVE-2024-32976

CVE-2021-36471 : CVE-2021-36471ADMINLTE 3.1.0 /ADMIN/INDEX2.HTML PATH TRAVERSAL - Cloud WAF

CVE-2021-36471 : Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs.

References

https://github.com/envoyproxy/envoy/security/advisories/G...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by prophaze.com
Jun 7, 2024
Vulnerability published
Jun 4, 2024

JSON