Vulnerabilities > CVE-2024-34363 - Unspecified vulnerability in Envoyproxy Envoy

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

envoyproxy

NVD

Published: 2024-06-04

Updated: 2024-06-11

Summary

Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash.

Vulnerable Configurations

Part	Description	Count
Application	Envoyproxy Envoyproxy Envoy 1.30.0 Envoyproxy Envoy 1.30.1 Envoyproxy Envoy 1.29.0 Envoyproxy Envoy 1.29.1 Envoyproxy Envoy 1.29.2 Envoyproxy Envoy 1.29.3 Envoyproxy Envoy 1.29.4 Envoyproxy Envoy 1.28.0 Envoyproxy Envoy 1.28.1 Envoyproxy Envoy 1.28.2 Envoyproxy Envoy 1.28.3	11

References

https://github.com/envoyproxy/envoy/security/advisories/GHSA-g979-ph9j-5gg4