BIT-envoy-2024-53271

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/envoy/BIT-envoy-2024-53271.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-envoy-2024-53271

Aliases

CVE-2024-53271

Published

2024-12-20T07:08:24.205Z

Modified

2025-05-20T10:02:07.006Z

Summary

HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset in envoy

Details

Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to upgrade. There are no known workarounds for this issue.

Database specific

{
    "severity": "High",
    "cpes": [
        "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"
    ]
}

References

Affected packages

Bitnami / envoy

Package

Name: envoy
Purl: pkg:bitnami/envoy

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

1.31.0

Fixed

1.31.5

Introduced

1.32.0

Fixed

1.32.3