CVE-2024-23327

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-476
View all →

Vulnerability Description

Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-1999-0052

HIGH
CVSS:7.5(High)

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.

CWE-4761999

CVE-2002-0401

HIGH
CVSS:7.5(High)

SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL point...

CWE-4762002

CVE-2002-1912

HIGH
CVSS:7.5(High)

SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable the Ethernet interface when the buffers are full, which allows remote attackers to cause a denial of service (null pointer exceptio...

CWE-4762002

CVE-2003-1000

HIGH
CVSS:7.5(High)

xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.

CWE-4762003

CVE-2003-1013

HIGH
CVSS:7.5(High)

The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.

CWE-4762003

CVE-2004-0079

HIGH
CVSS:7.5(High)

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null ...

CWE-4762004