{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-34364", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-05-02T06:36:32.439Z", "datePublished": "2024-06-04T20:59:48.968Z", "dateUpdated": "2024-08-02T02:51:10.805Z"}, "containers": {"cna": {"title": "Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26"}], "affected": [{"vendor": "envoyproxy", "product": "envoy", "versions": [{"version": ">= 1.30.0, <= 11.30.1", "status": "affected"}, {"version": ">= 1.29.0, <= 1.29.4", "status": "affected"}, {"version": ">= 1.28.0, <= 1.28.3", "status": "affected"}, {"version": "<= 1.27.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-04T20:59:48.968Z"}, "descriptions": [{"lang": "en", "value": "Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer."}], "source": {"advisory": "GHSA-xcj3-h7vf-fw26", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-25T18:21:15.473753Z", "id": "CVE-2024-34364", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-25T18:21:22.154Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:51:10.805Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26", "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:51:10.805Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34364", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-25T18:21:15.473753Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-25T18:21:19.670Z"}}], "cna": {"title": "Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response", "source": {"advisory": "GHSA-xcj3-h7vf-fw26", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "envoyproxy", "product": "envoy", "versions": [{"status": "affected", "version": ">= 1.30.0, <= 11.30.1"}, {"status": "affected", "version": ">= 1.29.0, <= 1.29.4"}, {"status": "affected", "version": ">= 1.28.0, <= 1.28.3"}, {"status": "affected", "version": "<= 1.27.5"}]}], "references": [{"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26", "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-04T20:59:48.968Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34364", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:51:10.805Z", "dateReserved": "2024-05-02T06:36:32.439Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-06-04T20:59:48.968Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "1020E2E2-EDFA-4188-B17F-406904256EB1", "versionEndExcluding": "1.27.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5107DA5-4BC7-4AB8-8087-0DA20021D0B0", "versionEndExcluding": "1.28.4", "versionStartIncluding": "1.28.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "34583FBC-8B38-4BBB-9E3B-7731272C0A6F", "versionEndExcluding": "1.29.5", "versionStartIncluding": "1.29.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "65C0355B-7FAC-4417-B707-A3CA494C20A0", "versionEndExcluding": "1.30.2", "versionStartIncluding": "1.30.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer."}, {"lang": "es", "value": "Envoy es un proxy de servicio y borde de c\u00f3digo abierto, nativo de la nube. Envoy expuso un vector de falta de memoria (OOM) de la respuesta reflejada, ya que el cliente HTTP as\u00edncrono almacenar\u00e1 la respuesta en un b\u00fafer ilimitado."}], "id": "CVE-2024-34364", "lastModified": "2024-11-21T09:18:30.830", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-06-04T21:15:34.977", "references": [{"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "envoy: memory DoS in ext_proc and ext_authz", "id": "2283149", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283149"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-400", "details": ["Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer.", "A flaw was found in Envoy's ext_proc and ext_authz functions. This flaw allows a remote, unauthenticated attacker to trigger excessive memory consumption, causing a denial of service."], "name": "CVE-2024-34364", "package_state": [{"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "openshift-service-mesh/proxyv2-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "servicemesh-proxy", "product_name": "OpenShift Service Mesh 2"}], "public_date": "2024-06-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-34364\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-34364\nhttps://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26"], "threat_severity": "Moderate"}