Unrated severityNVD Advisory· Published Dec 18, 2024· Updated Dec 18, 2024

HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset in envoy

CVE-2024-53271

Description

Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to upgrade. There are no known workarounds for this issue.

Affected products

Envoyproxy/Envoyv5
Range: >= 1.31.0, < 1.31.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/envoyproxy/envoy/commit/da56f6da63079baecef9183436ee5f4141a59af8mitrex_refsource_MISC
github.com/envoyproxy/envoy/security/advisories/GHSA-rmm5-h2wv-mg4fmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000