PT-2024-9685 · Envoy · Envoy
Botengyao +2 · Published 2024-11-19 · Updated 2025-08-28
CVE-2024-53269
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Envoy versions prior to 1.30.8
Envoy versions prior to 1.31.4
Envoy versions prior to 1.32.2
Description
The Happy Eyeballs sorting algorithm in the Envoy proxy crashes when additional addresses are not IP addresses. A remote attacker can exploit this to cause a denial of service. The estimated number of potentially affected devices worldwide is not specified.
Recommendations
For versions prior to 1.30.8, upgrade to version 1.30.8 or later.
For versions prior to 1.31.4, upgrade to version 1.31.4 or later.
For versions prior to 1.32.2, upgrade to version 1.32.2 or later.
As a temporary workaround, consider disabling the Happy Eyeballs algorithm until a patch is available.
Alternatively, change the IP configuration to prevent the crash.
Affected Products
Envoy