Unrated severityNVD Advisory· Published Feb 9, 2024· Updated Aug 1, 2024

Excessive CPU usage when URI template matcher is configured using regex in Envoy

CVE-2024-23323

Description

Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected products

Envoyproxy/Envoyv5
Range: >= 1.29.0, < 1.29.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645mitrex_refsource_MISC
github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7chmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000