PT-2024-3051 · Envoy (+1)
Phlax
Published: 2024-02-09 · Updated: 2024-04-23
CVE-2024-23323
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Envoy versions prior to 1.26.7
Envoy versions prior to 1.27.3
Envoy versions prior to 1.28.1
Envoy versions prior to 1.29.1

Description
Envoy, a high-performance edge/middle/service proxy, compiles the regular expression of a route matcher on every request rather than reusing a compiled pattern. When multiple routes are configured with such matchers, this causes high CPU usage and increased request latency. A remote attacker can exploit this to cause a denial of service.

Recommendations
For versions prior to 1.26.7, upgrade to version 1.26.7 or later.
For versions prior to 1.27.3, upgrade to version 1.27.3 or later.
For versions prior to 1.28.1, upgrade to version 1.28.1 or later.
For versions prior to 1.29.1, upgrade to version 1.29.1 or later.
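The recommendations above are a per-branch version gate. The following script, added here as an example and not part of the advisory or the Envoy project, checks a running Envoy's version string against the fixed releases named above (1.26.7, 1.27.3, 1.28.1, 1.29.1) and reports whether an upgrade is needed. The `envoy --version` banner format it parses is an assumption made for this example, and the sample banner is constructed.

```python
"""Check an Envoy version against the fixed releases named for CVE-2024-23323.

Added example; not code from the advisory or from the Envoy project.
"""
import re
from typing import Optional, Tuple

# Fixed releases from the advisory, keyed by release branch (major, minor).
FIXED_VERSIONS = {
    (1, 26): (1, 26, 7),
    (1, 27): (1, 27, 3),
    (1, 28): (1, 28, 1),
    (1, 29): (1, 29, 1),
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse '1.27.2', 'v1.27.2' or '1.27.2-dev' into (major, minor, patch).

    Pre-release and build suffixes are dropped; a malformed string raises.
    """
    core = text.strip().lstrip("v").split("-")[0].split("+")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def version_from_envoy_banner(banner: str) -> str:
    """Extract the x.y.z release from an 'envoy --version' banner.

    Assumed banner shape (not taken from the advisory):
    'envoy  version: <sha>/<x.y.z>/Clean/RELEASE/BoringSSL'.
    """
    match = re.search(r"/(\d+\.\d+\.\d+)/", banner)
    if not match:
        raise ValueError("no release version found in banner")
    return match.group(1)


def assess(version: str) -> Tuple[str, Optional[str]]:
    """Return (status, fixed_version) for the advisory's ranges.

    status is 'vulnerable', 'fixed' or 'not_listed' (a branch the advisory
    does not name); fixed_version is the release to upgrade to, if any.
    """
    v = parse_version(version)
    branch = v[:2]
    if branch < (1, 26):
        # Anything older is "prior to 1.26.7" in the advisory's wording.
        return "vulnerable", "1.26.7"
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        return "not_listed", None  # newer than any branch the advisory names
    fixed_str = ".".join(str(n) for n in fixed)
    return ("vulnerable" if v < fixed else "fixed"), fixed_str


if __name__ == "__main__":
    # Constructed sample banner; replace with the output of `envoy --version`.
    sample = "envoy  version: 0123abcd/1.27.2/Clean/RELEASE/BoringSSL"
    release = version_from_envoy_banner(sample)
    status, fix = assess(release)
    print(f"Envoy {release}: {status}" + (f" (upgrade to {fix} or later)" if fix else ""))
```

Run it against the real banner (`envoy --version | python3 check.py` after swapping the sample for `sys.stdin.read()`), or feed version strings from an inventory; a result of `vulnerable` maps directly to the upgrade line for that branch.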

Weakness Enumeration
Resource Exhaustion

Related Identifiers

BDU:2024-03236
BIT-ENVOY-2024-23323
CVE-2024-23323
GHSA-X278-4W4X-R7CH

Affected Products

Envoy
RED OS