CVE-2024-23323

CVSS V2 None CVSS V3 None

Description

Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Overview

CVE ID
CVE-2024-23323

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2024-02-09T22:50:18.938Z

Last Modified Date
2024-02-09T22:50:18.938Z

Weakness Enumerations

CWE	URL
CWE-400	http://cwe.mitre.org/data/definitions/400.html
CWE-1176	http://cwe.mitre.org/data/definitions/1176.html

References

Reference URL	Reference Tags
https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch	x_refsource_CONFIRM
https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645	x_refsource_MISC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-23323
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23323

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 06:46:03				Added to TrackCVE