U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-23325

Change History

New CVE Received by NIST 2/09/2024 6:15:09 PM

Action Type Old Value New Value
Added CVSS V3.1

GitHub, Inc. AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Added CWE

GitHub, Inc. CWE-248
Added CWE

GitHub, Inc. CWE-755
Added Description

Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address.  It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Added Reference

GitHub, Inc. https://github.com/envoyproxy/envoy/commit/bacd3107455b8d387889467725eb72aa0d5b5237 [No types assigned]
Added Reference

GitHub, Inc. https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26 [No types assigned]