CVE-2024-32974

Envoy is a cloud-native, open source edge and service proxy. A crash was observed in EnvoyQuicServerStream::OnInitialHeadersComplete() with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after StopReading() being called on the stream. As after StopReading(), the HCM's ActiveStream might have already be destroyed and any up calls from QUICHE could potentially cause use after free.

Published: Jun 4, 2024
Updated: Jun 13, 2024
CVE: CVE-2024-32974
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
envoyproxy / envoy	1.30.0	1.30.2
envoyproxy / envoy	1.29.0	1.29.5
envoyproxy / envoy	1.28.0	1.28.4
envoyproxy / envoy	-	1.27.6

https://github.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299

Vulnerability Database

289,599

CVE-2024-32974