{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-32475", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-04-12T19:41:51.167Z", "datePublished": "2024-04-18T14:18:18.947Z", "dateUpdated": "2024-08-02T02:13:39.139Z"}, "containers": {"cna": {"title": "Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes", "problemTypes": [{"descriptions": [{"cweId": "CWE-253", "lang": "en", "description": "CWE-253: Incorrect Check of Function Return Value", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-617", "lang": "en", "description": "CWE-617: Reachable Assertion", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj"}, {"name": "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382", "tags": ["x_refsource_MISC"], "url": "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382"}], "affected": [{"vendor": "envoyproxy", "product": "envoy", "versions": [{"version": ">= 1.30.0, < 11.30.1", "status": "affected"}, {"version": ">= 1.29.0, < 1.29.4", "status": "affected"}, {"version": ">= 1.28.0, < 1.28.3", "status": "affected"}, {"version": ">= 1.13.0, < 1.27.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-18T14:18:18.947Z"}, "descriptions": [{"lang": "en", "value": "Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5.\n"}], "source": {"advisory": "GHSA-3mh5-6q8v-25wj", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32475", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-23T19:38:07.050413Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"], "vendor": "envoyproxy", "product": "envoy", "versions": [{"status": "affected", "version": "1.13.0", "lessThan": "1.27.5", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:51:20.709Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:13:39.139Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj"}, {"name": "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj", "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382", "name": "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:13:39.139Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32475", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-23T19:38:07.050413Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"], "vendor": "envoyproxy", "product": "envoy", "versions": [{"status": "affected", "version": "1.13.0", "lessThan": "1.27.5", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-23T19:40:36.084Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes", "source": {"advisory": "GHSA-3mh5-6q8v-25wj", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "envoyproxy", "product": "envoy", "versions": [{"status": "affected", "version": ">= 1.30.0, < 11.30.1"}, {"status": "affected", "version": ">= 1.29.0, < 1.29.4"}, {"status": "affected", "version": ">= 1.28.0, < 1.28.3"}, {"status": "affected", "version": ">= 1.13.0, < 1.27.5"}]}], "references": [{"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj", "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382", "name": "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5.\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-253", "description": "CWE-253: Incorrect Check of Function Return Value"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-617", "description": "CWE-617: Reachable Assertion"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-18T14:18:18.947Z"}}}, "cveMetadata": {"cveId": "CVE-2024-32475", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:13:39.139Z", "dateReserved": "2024-04-12T19:41:51.167Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-04-18T14:18:18.947Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "C14D25B6-21FA-458F-AE81-49C261C9E6B0", "versionEndExcluding": "1.27.5", "versionStartIncluding": "1.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4ECE390-0C15-4C94-AA80-1DAA7479ADA5", "versionEndExcluding": "1.28.3", "versionStartIncluding": "1.28.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "BDB6B9D8-64C1-48CD-9AB1-38364D93AAEE", "versionEndExcluding": "1.29.4", "versionStartIncluding": "1.29.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:envoyproxy:envoy:1.30.0:*:*:*:*:*:*:*", "matchCriteriaId": "063805F2-0BF6-4527-A383-0EC37C5FE4D2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5.\n"}, {"lang": "es", "value": "Envoy es un proxy de servicio y borde de c\u00f3digo abierto, nativo de la nube. Cuando se utiliza un cl\u00faster TLS ascendente con `auto_sni` habilitado, una solicitud que contiene un encabezado `host`/`:authority` de m\u00e1s de 255 caracteres desencadena una terminaci\u00f3n anormal del proceso de Envoy. Envoy no maneja correctamente un error al configurar SNI para la conexi\u00f3n TLS saliente. El error puede ocurrir cuando Envoy intenta usar el valor del encabezado `host`/`:authority` de m\u00e1s de 255 caracteres como SNI para la conexi\u00f3n TLS saliente. La longitud del SNI est\u00e1 limitada a 255 caracteres seg\u00fan el est\u00e1ndar. Envoy siempre espera que esta operaci\u00f3n tenga \u00e9xito y aborta el proceso de forma anormal cuando falla. Esta vulnerabilidad se solucion\u00f3 en 1.30.1, 1.29.4, 1.28.3 y 1.27.5."}], "id": "CVE-2024-32475", "lastModified": "2025-09-04T19:39:08.140", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-04-18T15:15:30.670", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-253"}, {"lang": "en", "value": "CWE-617"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7724", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/grafana-rhel8:2.4.11-2", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7724", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/istio-cni-rhel8:2.4.11-2", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7724", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/istio-must-gather-rhel8:2.4.11-3", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7724", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/kiali-rhel8:1.65.16-4", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7724", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/pilot-rhel8:2.4.11-2", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7724", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/proxyv2-rhel8:2.4.11-5", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7724", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/ratelimit-rhel8:2.4.11-2", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7725", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/grafana-rhel8:2.5.5-3", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7725", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/istio-cni-rhel8:2.5.5-4", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7725", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/istio-must-gather-rhel8:2.5.5-4", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7725", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/kiali-ossmc-rhel8:1.73.14-3", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7725", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/kiali-rhel8:1.73.15-3", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7725", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/pilot-rhel8:2.5.5-4", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7725", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/proxyv2-rhel8:2.5.5-6", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7725", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/ratelimit-rhel8:2.5.5-3", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-10-07T00:00:00Z"}], "bugzilla": {"description": "envoy: abnormal termination when using auto_sni with authority header longer than 255 characters", "id": "2276149", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276149"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "(CWE-253|CWE-617)", "details": ["Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5.", "A flaw was found in Envoy, a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with \"auto_sni\" enabled, a request containing a \"host/:authority\" header longer than 255 characters triggers an abnormal termination of the Envoy process, leading to a denial of service."], "name": "CVE-2024-32475", "package_state": [{"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Will not fix", "package_name": "servicemesh-proxy", "product_name": "OpenShift Service Mesh 2"}], "public_date": "2024-04-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-32475\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-32475\nhttps://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382\nhttps://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj"], "threat_severity": "Important"}