Open mend-for-github-com[bot] opened 4 months ago
Fork of Envoy used for testing and tinkering as part of the Istio dev process
Library home page: https://github.com/istio/envoy.git
Found in base branch: main
/source/extensions/compression/brotli/decompressor/brotli_decompressor_impl.cc
Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input.
Publish Date: 2024-06-04
URL: CVE-2024-32976
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
Type: Upgrade version
Origin: https://github.com/envoyproxy/envoy/security/advisories/GHSA-7wp5-c2vq-4f8m
Release Date: 2024-06-04
Fix Resolution: v1.27.6,v1.28.4,v1.29.5,v1.30.2
CVE-2024-32976 - High Severity Vulnerability
Fork of Envoy used for testing and tinkering as part of the Istio dev process
Library home page: https://github.com/istio/envoy.git
Found in base branch: main
Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input.
Publish Date: 2024-06-04
URL: CVE-2024-32976
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://github.com/envoyproxy/envoy/security/advisories/GHSA-7wp5-c2vq-4f8m
Release Date: 2024-06-04
Fix Resolution: v1.27.6,v1.28.4,v1.29.5,v1.30.2