Security Advisory

CVE-2024-34362

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-06-04 20:59:56

Last updated 2024-08-19 15:35:54

Assigner GitHub_M

State PUBLISHED

Description

Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in `HttpConnectionManager` (HCM) with `EnvoyQuicServerStream` that can crash Envoy. An attacker can exploit this vulnerability by sending a request without `FIN`, then a `RESET_STREAM` frame, and then after receiving the response, closing the connection.

← Browse all CVEs View on cve.org ↗