Description

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the `oghttp2` by default. The impact of this issue is that envoy will crash. This issue has been addressed in release version 1.31.2. All users are advised to upgrade. There are no known workarounds for this issue.

INFO

Published Date :

2024-09-19T23:34:28.938Z

Last Modified :

2024-09-20T17:26:33.330Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-45807 vulnerability.

Vendors Products
Envoyproxy
  • Envoy
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45807.

URL Resource
https://github.com/envoyproxy/envoy/security/advisories/GHSA-qc52-r4x5-9w37 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-45807 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-45807 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact