Endless Loop in Brotli Decompression Affects Envoyproxy
CVE-2024-32976

7.5HIGH

Key Information:

Vendor: Envoy
Status: Envoy
Vendor: CVE Published:; 4 June 2024

Badges

📰 News Worthy

What is CVE-2024-32976?

A vulnerability exists in Envoy Proxy, an open-source edge and service proxy widely used in cloud-native architectures. When utilizing the Brotli filter, the system can enter into an endless loop during the decompression process of Brotli data that contains additional input. This can lead to unresponsive behavior, affecting the service continuity and user experience. Mitigating this vulnerability is crucial for maintaining robust application performance and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

News Articles

prophaze.com

CVE-2024-4295 CVE-2024-32976

CVE-2021-36471 : CVE-2021-36471ADMINLTE 3.1.0 /ADMIN/INDEX2.HTML PATH TRAVERSAL - Cloud WAF

CVE-2021-36471 : Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs.

References

https://github.com/envoyproxy/envoy/security/advisories/G...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

📰
First article discovered by prophaze.com
Jun 7, 2024
Vulnerability published
Jun 4, 2024

JSON

Envoy

Badges

What is CVE-2024-32976?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

News Articles

CVE-2021-36471 : CVE-2021-36471ADMINLTE 3.1.0 /ADMIN/INDEX2.HTML PATH TRAVERSAL - Cloud WAF

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.