Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after `StopReading()` being called on the stream. As after `StopReading()`, the HCM's `ActiveStream` might have already be destroyed and any up calls from QUICHE could potentially cause use after free.
Advisories
Source ID Title
EUVD EUVD EUVD-2024-30726 Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after `StopReading()` being called on the stream. As after `StopReading()`, the HCM's `ActiveStream` might have already be destroyed and any up calls from QUICHE could potentially cause use after free.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00017}

epss

{'score': 0.00015}


Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00015}

epss

{'score': 0.00017}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-02T02:27:53.474Z

Reserved: 2024-04-22T15:14:59.166Z

Link: CVE-2024-32974

cve-icon Vulnrichment

Updated: 2024-08-02T02:27:53.474Z

cve-icon NVD

Status : Modified

Published: 2024-06-04T21:15:33.773

Modified: 2024-11-21T09:16:08.717

Link: CVE-2024-32974

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-06-04T00:00:00Z

Links: CVE-2024-32974 - Bugzilla

cve-icon OpenCVE Enrichment

No data.