Home > Vulnerability Database > CVE-2024-53269

Mend.io Vulnerability Database

CVE-2024-53269

Date: December 18, 2024

Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP configuration.

Language: C++

Severity Score

4.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-53269

Url: https://github.com/envoyproxy/envoy/security/advisories/GHSA-mfqp-7mmj-rm53

Url: https://github.com/envoyproxy/envoy/pull/37743/commits/3f62168d86aceb90f743f63b50cc711710b1c401

Url: https://www.mend.io/vulnerability-database/CVE-2024-53269

Severity Score

4.5

Weakness Type (CWE)

Always-Incorrect Control Flow Implementation

CWE-670

CVSS v3.1

Base Score:	4.5
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-53269

Date: December 18, 2024

Language: C++

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?