CVE-2024-53271

Source
https://cve.org/CVERecord?id=CVE-2024-53271
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53271.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-53271
Published
2024-12-18T19:12:20.612Z
Modified
2025-12-01T19:41:35.483373Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Summary
HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset in Envoy
Details

Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions, Envoy does not properly handle HTTP/1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to upgrade. There are no known workarounds for this issue.

Database specific
{
    "cwe_ids": [
        "CWE-670"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53271.json"
}
Affected packages

Git / github.com/envoyproxy/envoy

Affected ranges

Type
GIT
Repo
https://github.com/envoyproxy/envoy
Events
Database specific
{
    "versions": [
        {
            "introduced": "1.31.0"
        },
        {
            "fixed": "1.31.5"
        }
    ]
}
Type
GIT
Repo
https://github.com/envoyproxy/envoy
Events
Database specific
{
    "versions": [
        {
            "introduced": "1.32.0"
        },
        {
            "fixed": "1.32.3"
        }
    ]
}

Affected versions

v1.*

v1.31.0
v1.31.1
v1.31.2
v1.31.3
v1.31.4
v1.32.0
v1.32.1
v1.32.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53271.json"