VYPR
Unrated severityNVD Advisory· Published Dec 18, 2024· Updated Dec 18, 2024

Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting in envoy

CVE-2024-53269

Description

Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP configuration.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Envoyproxy/Envoyllm-fuzzy2 versions
    >= 1.30.0, < 1.30.8 || >= 1.31.0, < 1.31.4 || >= 1.32.0, < 1.32.2+ 1 more
    • (no CPE)range: >= 1.30.0, < 1.30.8 || >= 1.31.0, < 1.31.4 || >= 1.32.0, < 1.32.2
    • (no CPE)range: >= 1.32.0, < 1.32.2
  • osv-coords
    Range: >= 1.30.0, < 1.30.8

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.