ISTIO-SECURITY-2024-003
CVEs reported by Envoy.
| Disclosure Details | |
|---|---|
| CVE(s) | CVE-2024-32475 |
| CVSS Impact Score | 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Affected Releases | All releases prior to 1.19.0 1.19.0 to 1.19.9 1.20.0 to 1.20.5 1.21.0 to 1.21.1 |
CVE
Envoy CVEs
- CVE-2024-32475: (CVSS Score 7.5, High): Abnormal termination when using
auto_sniwith:authorityheader longer than 255 characters.
Am I Impacted?
You are impacted if you enabled the auto_sni feature of Envoy, are using Istio versions 1.21.0 or above where this was enabled by default, or
are using an Egress Gateway.