CVE-2024-45807

Name of the Vulnerable Software and Affected Versions: Envoy versions 1.31 through 1.31.1

Description: Envoy is a cloud-native high-performance edge/middle/service proxy. In version 1.31, Envoy is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. The impact of this issue is that Envoy will crash.

Recommendations: For Envoy versions 1.31 through 1.31.1, upgrade to release version 1.31.2 to resolve the issue. As a temporary workaround, consider disabling the use of oghttp as the default HTTP/2 codec until a patch is available.