x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-53269 #3345

GoVulnBot · 2024-12-18T21:01:26Z

Advisory CVE-2024-53269 references a vulnerability in the following Go modules:

Module
github.com/envoyproxy/envoy

Description:
Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP configuration.

References:

ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-53269
FIX: envoyproxy/envoy@3f62168
WEB: GHSA-mfqp-7mmj-rm53

Cross references:

github.com/envoyproxy/envoy appears in 67 other report(s):
- data/excluded/GO-2022-0330.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2021-43824 #330) NOT_GO_CODE
- data/excluded/GO-2022-0331.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2021-43825 #331) NOT_GO_CODE
- data/excluded/GO-2022-0332.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2021-43826 #332) NOT_GO_CODE
- data/excluded/GO-2022-0333.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21654 #333) NOT_GO_CODE
- data/excluded/GO-2022-0334.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21655 #334) NOT_GO_CODE
- data/excluded/GO-2022-0335.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21656 #335) NOT_GO_CODE
- data/excluded/GO-2022-0336.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21657 #336) NOT_GO_CODE
- data/excluded/GO-2022-0337.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-23606 #337) NOT_GO_CODE
- data/excluded/GO-2022-0484.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29224 #484) NOT_GO_CODE
- data/excluded/GO-2022-0485.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29225 #485) NOT_GO_CODE
- data/excluded/GO-2022-0486.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29226 #486) NOT_GO_CODE
- data/excluded/GO-2022-0487.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29227 #487) NOT_GO_CODE
- data/excluded/GO-2022-0488.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29228 #488) NOT_GO_CODE
- data/excluded/GO-2023-1690.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27487 #1690) NOT_GO_CODE
- data/excluded/GO-2023-1691.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27488 #1691) NOT_GO_CODE
- data/excluded/GO-2023-1692.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27491 #1692) NOT_GO_CODE
- data/excluded/GO-2023-1693.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27492 #1693) NOT_GO_CODE
- data/excluded/GO-2023-1694.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27493 #1694) NOT_GO_CODE
- data/excluded/GO-2023-1695.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27496 #1695) NOT_GO_CODE
- data/excluded/GO-2023-1917.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35945 #1917) NOT_GO_CODE
- data/excluded/GO-2023-1921.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: GHSA-2wmf-p7f8-w42h #1921) NOT_GO_CODE
- data/excluded/GO-2023-1966.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35941 #1966) NOT_GO_CODE
- data/excluded/GO-2023-1968.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35942 #1968) NOT_GO_CODE
- data/excluded/GO-2023-1969.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35943 #1969) NOT_GO_CODE
- data/excluded/GO-2023-1970.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35944 #1970) NOT_GO_CODE
- data/excluded/GO-2023-2106.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-44487 #2106) NOT_GO_CODE
- data/excluded/GO-2023-2242.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-15226 #2242) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2247.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18801 #2247) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2248.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18802 #2248) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2249.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18836 #2249) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2250.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18838 #2250) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2260.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-9900 #2260) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2273.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-12603 #2273) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2274.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-12604 #2274) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2275.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-12605 #2275) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2279.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-15104 #2279) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2291.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-25017 #2291) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2292.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-25018 #2292) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2301.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-35470 #2301) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2302.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-35471 #2302) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2307.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8659 #2307) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2308.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8660 #2308) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2309.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8661 #2309) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2310.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8663 #2310) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2311.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8664 #2311) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2024-2542.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23322 #2542) NOT_GO_CODE
- data/excluded/GO-2024-2543.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23323 #2543) NOT_GO_CODE
- data/excluded/GO-2024-2544.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23324 #2544) NOT_GO_CODE
- data/excluded/GO-2024-2545.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23325 #2545) NOT_GO_CODE
- data/excluded/GO-2024-2546.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23327 #2546) NOT_GO_CODE
- data/excluded/GO-2024-2710.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-27919 #2710) NOT_GO_CODE
- data/excluded/GO-2024-2713.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-30255 #2713) NOT_GO_CODE
- data/excluded/GO-2024-2735.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-32475 #2735) NOT_GO_CODE
- data/excluded/GO-2024-2890.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23326 #2890) NOT_GO_CODE
- data/excluded/GO-2024-2892.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-32974 #2892) NOT_GO_CODE
- data/excluded/GO-2024-2893.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-32975 #2893) NOT_GO_CODE
- data/excluded/GO-2024-2894.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-32976 #2894) NOT_GO_CODE
- data/excluded/GO-2024-2895.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-34362 #2895) NOT_GO_CODE
- data/excluded/GO-2024-2896.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-34363 #2896) NOT_GO_CODE
- data/excluded/GO-2024-2897.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-34364 #2897) NOT_GO_CODE
- data/excluded/GO-2024-2960.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-39305 #2960) NOT_GO_CODE
- data/excluded/GO-2024-3144.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-7207 #3144) NOT_GO_CODE
- data/excluded/GO-2024-3145.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-45806 #3145) NOT_GO_CODE
- data/excluded/GO-2024-3146.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-45807 #3146) NOT_GO_CODE
- data/excluded/GO-2024-3147.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-45808 #3147) NOT_GO_CODE
- data/excluded/GO-2024-3148.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-45809 #3148) NOT_GO_CODE
- data/excluded/GO-2024-3149.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-45810 #3149) NOT_GO_CODE

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/envoyproxy/envoy
      vulnerable_at: 1.32.3
summary: CVE-2024-53269 in github.com/envoyproxy/envoy
cves:
    - CVE-2024-53269
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-53269
    - fix: https://github.com/envoyproxy/envoy/pull/37743/commits/3f62168d86aceb90f743f63b50cc711710b1c401
    - web: https://github.com/envoyproxy/envoy/security/advisories/GHSA-mfqp-7mmj-rm53
source:
    id: CVE-2024-53269
    created: 2024-12-18T21:01:25.889980164Z
review_status: UNREVIEWED

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-12-20T20:07:31Z

Change https://go.dev/cl/637958 mentions this issue: data/excluded: add 4 excluded reports

GoVulnBot added cve-year-2024 NeedsTriage labels Dec 18, 2024

tatianab added possibly not Go triaged excluded: NOT_GO_CODE This vulnerability does not refer to a Go module. and removed NeedsTriage possibly not Go labels Dec 20, 2024

gopherbot closed this as completed in 625199c Dec 20, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-53269 #3345

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-53269 #3345

GoVulnBot commented Dec 18, 2024

gopherbot commented Dec 20, 2024

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-53269 #3345

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-53269 #3345

Comments

GoVulnBot commented Dec 18, 2024

gopherbot commented Dec 20, 2024