Endless Loop in Brotli Decompression Affects Envoyproxy
CVE-2024-32976

7.5HIGH

Key Information:

Vendor
Envoy
Status
Envoy
Vendor
CVE Published:
4 June 2024

Badges

πŸ“° News Worthy

Summary

A vulnerability exists in Envoy Proxy, an open-source edge and service proxy widely used in cloud-native architectures. When utilizing the Brotli filter, the system can enter into an endless loop during the decompression process of Brotli data that contains additional input. This can lead to unresponsive behavior, affecting the service continuity and user experience. Mitigating this vulnerability is crucial for maintaining robust application performance and security.

News Articles

favicon imageprophaze.com

CVE-2021-36471 : CVE-2021-36471ADMINLTE 3.1.0 /ADMIN/INDEX2.HTML PATH TRAVERSAL - Cloud WAF

CVE-2021-36471 : Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs.

8 months ago

References

https://github.com/envoyproxy/envoy/security/advisories/G...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ“°

    First article discovered by prophaze.com

  • Vulnerability published

.