How severe is CVE-2024-23322?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-23322?

This is classified as CWE-416, which is a common weakness in software security.

CVE-2024-23322 - HIGH Severity | CVSS 7.5

Vulnerability Description

Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2006-4434

HIGH

CVSS:7.5(High)

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced....

CWE-4162006

CVE-2006-4997

HIGH

CVSS:7.5(High)

The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access th...

CWE-4162006

CVE-2009-3553

HIGH

CVSS:7.5(High)

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote att...

CWE-4162009

CVE-2010-0302

HIGH

CVSS:7.5(High)

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll...

CWE-4162010

CVE-2010-4168

HIGH

CVSS:7.5(High)

Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmis...

CWE-4162010

CVE-2015-3890

HIGH

CVSS:7.5(High)

Use-after-free vulnerability in Open Litespeed before 1.3.10.

CWE-4162015