Unrated severityNVD Advisory· Published Dec 18, 2024· Updated Dec 18, 2024

Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting in envoy

CVE-2024-53269

Description

Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP configuration.

Affected products

Envoyproxy/Envoyv5
Range: >= 1.32.0, < 1.32.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/envoyproxy/envoy/pull/37743/commits/3f62168d86aceb90f743f63b50cc711710b1c401mitrex_refsource_MISC
github.com/envoyproxy/envoy/security/advisories/GHSA-mfqp-7mmj-rm53mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000