Service Proxy Crash Risk in Envoy by Envoy Proxy
CVE-2024-53269

Currently unrated

Key Information:

Vendor: Envoy Proxy
Status: Envoy
Vendor: CVE Published:; 18 December 2024

🔔 Create Envoy Proxy Vulnerability Alert

What is CVE-2024-53269?

A notable vulnerability in Envoy, a high-performance cloud-native service proxy, poses a risk when the Happy Eyeballs sorting algorithm encounters non-IP addresses, leading to a crash in the data plane. This issue has been mitigated in subsequent releases, specifically versions 1.32.2, 1.31.4, and 1.30.8. Users who are unable to upgrade the software can either disable the Happy Eyeballs feature or adjust their IP configuration to avoid interruptions.

References

https://github.com/envoyproxy/envoy/pull/37743/commits/3f...

https://github.com/envoyproxy/envoy/security/advisories/G...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2024

JSON