{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45807", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-09-09T14:23:07.504Z", "datePublished": "2024-09-19T23:34:28.938Z", "dateUpdated": "2024-09-20T17:26:33.330Z"}, "containers": {"cna": {"title": "oghttp2 crash on OnBeginHeadersForStream in envoy", "problemTypes": [{"descriptions": [{"cweId": "CWE-670", "lang": "en", "description": "CWE-670: Always-Incorrect Control Flow Implementation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-qc52-r4x5-9w37", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-qc52-r4x5-9w37"}], "affected": [{"vendor": "envoyproxy", "product": "envoy", "versions": [{"version": ">= 1.31.0, < 1.31.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-19T23:34:28.938Z"}, "descriptions": [{"lang": "en", "value": "Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the `oghttp2` by default. The impact of this issue is that envoy will crash. This issue has been addressed in release version 1.31.2. All users are advised to upgrade. There are no known workarounds for this issue."}], "source": {"advisory": "GHSA-qc52-r4x5-9w37", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "envoyproxy", "product": "envoy", "cpes": ["cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.31.0", "status": "affected", "lessThan": "1.31.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-20T17:25:59.102708Z", "id": "CVE-2024-45807", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-20T17:26:33.330Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45807", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-20T17:25:59.102708Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*"], "vendor": "envoyproxy", "product": "envoy", "versions": [{"status": "affected", "version": "1.31.0", "lessThan": "1.31.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-20T17:26:27.764Z"}}], "cna": {"title": "oghttp2 crash on OnBeginHeadersForStream in envoy", "source": {"advisory": "GHSA-qc52-r4x5-9w37", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "envoyproxy", "product": "envoy", "versions": [{"status": "affected", "version": ">= 1.31.0, < 1.31.2"}]}], "references": [{"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-qc52-r4x5-9w37", "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-qc52-r4x5-9w37", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the `oghttp2` by default. The impact of this issue is that envoy will crash. This issue has been addressed in release version 1.31.2. All users are advised to upgrade. There are no known workarounds for this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-670", "description": "CWE-670: Always-Incorrect Control Flow Implementation"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-19T23:34:28.938Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45807", "state": "PUBLISHED", "dateUpdated": "2024-09-20T17:26:33.330Z", "dateReserved": "2024-09-09T14:23:07.504Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-09-19T23:34:28.938Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "C765FFC0-2FF7-4318-A347-2AFCAD0E7C74", "versionEndExcluding": "1.31.2", "versionStartIncluding": "1.31.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the `oghttp2` by default. The impact of this issue is that envoy will crash. This issue has been addressed in release version 1.31.2. All users are advised to upgrade. There are no known workarounds for this issue."}, {"lang": "es", "value": "Envoy es un proxy de servicio, de borde y de medio alcance de alto rendimiento nativo de la nube. La versi\u00f3n 1.31 de Envoy utiliza `oghttp` como el c\u00f3dec HTTP/2 predeterminado y existen posibles errores en la administraci\u00f3n de transmisiones en el c\u00f3dec. Para resolver esto, Envoy desactivar\u00e1 `oghttp2` de manera predeterminada. El impacto de este problema es que Envoy se bloquear\u00e1. Este problema se ha solucionado en la versi\u00f3n 1.31.2. Se recomienda a todos los usuarios que actualicen. No existen workarounds conocidas para este problema."}], "id": "CVE-2024-45807", "lastModified": "2024-09-25T17:12:38.380", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-09-20T00:15:02.520", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-qc52-r4x5-9w37"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-670"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "envoy: Oghttp2 crash on `OnBeginHeadersForStream`", "id": "2313684", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313684"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-670", "details": ["Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the `oghttp2` by default. The impact of this issue is that envoy will crash. This issue has been addressed in release version 1.31.2. All users are advised to upgrade. There are no known workarounds for this issue.", "A flaw was found in Envoy. Affected version of Envoy are using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this issue, Envoy will switch off the `oghttp2` by default. This issue may cause envoy to crash."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-45807", "package_state": [{"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "openshift-service-mesh/istio-cni-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "openshift-service-mesh/pilot-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "openshift-service-mesh/proxyv2-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "openshift-service-mesh/proxyv2-rhel9", "product_name": "OpenShift Service Mesh 2"}], "public_date": "2024-09-20T00:15:02Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-45807\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-45807\nhttps://github.com/envoyproxy/envoy/security/advisories/GHSA-qc52-r4x5-9w37"], "statement": "The issue in Envoy, where the use of the `oghttp2` codec leads to potential crashes due to stream management bugs, is classified as a moderate severity vulnerability rather than an important because the crash occurs only under specific conditions related to HTTP/2 stream management, which may not be triggered in typical use cases, thereby limiting its immediate impact on most deployments.", "threat_severity": "Moderate"}