Envoy Crashes Due to JWT Filter Issues
CVE-2024-45809
What is CVE-2024-45809?
A critical vulnerability in Envoy's JWT filter can crash the service proxy under specific conditions. The crash occurs when all of the following hold: remote JSON Web Keys (JWKs) are used, asynchronous header processing is required, route cache clearing is enabled, and header operations configured in the JWT filter modify the request so that it no longer matches any defined route. The root cause is a null pointer reference in the upstream code, resulting from the improper ordering of decoding and route cache clearing. Versions 1.31.2, 1.30.6, and 1.29.9 fix the issue. No workarounds are available, so upgrade immediately.
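The conditions above can be checked against a deployed configuration. The following audit is an added example, not code from Envoy or the advisory. It assumes the `jwt_authn` filter config has already been parsed into a dict, takes `claim_to_headers` and `forward_payload_header` as the header operations of interest, and uses constructed provider names and URLs.

```python
# Added example. Field names follow Envoy's jwt_authn JwtProvider message;
# SAMPLE is constructed for illustration.
FIXED = {(1, 29): 9, (1, 30): 6, (1, 31): 2}  # fixed releases named in the advisory

def version_status(version: str) -> str:
    """Return 'fixed', 'unfixed' or 'unknown' for a version such as '1.30.4'."""
    core = version.lstrip("v").split("-")[0]
    major, minor, patch = (int(p) for p in core.split(".")[:3])
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unknown"  # the advisory text names no fixed release for this branch
    return "fixed" if patch >= fixed_patch else "unfixed"

# Provider fields that make the filter add or rewrite request headers (assumed set).
HEADER_OPS = ("claim_to_headers", "forward_payload_header")

def risky_providers(jwt_authn: dict) -> list:
    """Providers combining remote JWKS, route cache clearing and header operations.

    Whether the rewritten request still matches a route depends on the route
    table, so a hit means "review this provider", not "confirmed crash path".
    """
    hits = []
    for name, p in jwt_authn.get("providers", {}).items():
        if ("remote_jwks" in p and p.get("clear_route_cache")
                and any(p.get(k) for k in HEADER_OPS)):
            hits.append(name)
    return sorted(hits)

def audit(version: str, jwt_authn: dict) -> dict:
    status = version_status(version)
    exposed = [] if status == "fixed" else risky_providers(jwt_authn)
    return {"version": status, "exposed_providers": exposed}

SAMPLE = {"providers": {
    "idp_remote": {
        "remote_jwks": {"http_uri": {"uri": "https://idp.example.test/jwks",
                                     "cluster": "idp"}},
        "clear_route_cache": True,
        "claim_to_headers": [{"header_name": "x-tenant", "claim_name": "tenant"}],
    },
    "idp_local": {  # local keys need no asynchronous fetch, so not flagged
        "local_jwks": {"inline_string": "{}"},
        "clear_route_cache": True,
        "claim_to_headers": [{"header_name": "x-tenant", "claim_name": "tenant"}],
    },
}}

if __name__ == "__main__":
    print(audit("1.30.5", SAMPLE))
```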

