CVE-2024-45807
HIGHDescription
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the `oghttp2` by default. The impact of this issue is that envoy will crash. This issue has been addressed in release version 1.31.2. All users are advised to upgrade. There are no known workarounds for this issue.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| envoyproxy | envoy |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-45807? +
How severe is CVE-2024-45807? +
What products are affected by CVE-2024-45807? +
How do I check if I'm vulnerable to CVE-2024-45807? +
Related Vulnerabilities
The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior …
Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate, that allowed …
A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS …
An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via …
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when …
Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. …