VYPR
Unrated severityNVD Advisory· Published Dec 18, 2024· Updated Dec 18, 2024

HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset in envoy

CVE-2024-53271

Description

Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to upgrade. There are no known workarounds for this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Envoyproxy/Envoyllm-fuzzy2 versions
    <1.31.5 >=1.31.0, <1.32.3 >=1.32.0+ 1 more
    • (no CPE)range: <1.31.5 >=1.31.0, <1.32.3 >=1.32.0
    • (no CPE)range: >= 1.31.0, < 1.31.5
  • osv-coords
    Range: >= 1.31.0, < 1.31.5

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.