Cloud-Native Edge Proxy Vulnerability Affecting Envoy by EnvoyProxy
CVE-2024-34363

7.5HIGH

Key Information:

Vendor: Envoyproxy
Status: Envoy
Vendor: CVE Published:; 4 June 2024

What is CVE-2024-34363?

A vulnerability exists within Envoy, a widely-used cloud-native edge and service proxy, which arises from the interactions with the nlohmann JSON library. When incomplete UTF-8 strings are serialized, this can lead to the library throwing an uncaught exception. The consequence of such an exception is a crash of the Envoy process, potentially interrupting service and affecting applications that rely on its functionality. This vulnerability underlines the importance of robust error handling in software reliant on third-party libraries.

References

https://github.com/envoyproxy/envoy/security/advisories/G...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2024

CVE-2024-34363 Data

JSON

Envoyproxy

What is CVE-2024-34363?

References

CVSS V3.1

Timeline