Zero day announcement - CVE-2024-32475

23 views

Skip to first unread message

Adi Peleg

unread,

Apr 19, 2024, 10:38:13 AMApr 19

to envoy-secur...@googlegroups.com, envoy-security, envoy-a...@googlegroups.com, envoy-ma...@googlegroups.com, envoy...@googlegroups.com, envoy-dev

Hello Envoy Community,

We are announcing a fix for a zero day related to abnormal termination when using auto_sni with :authority header longer than 255 characters. More details can be found at: CVE-2024-32475.

Patched Envoy versions are: 1.30.1, 1.29.4, 1.28.3, 1.27.5, and can be fetched from https://github.com/envoyproxy/envoy/releases.

Thanks,

Envoy maintainers

Reply all

Reply to author

Forward

0 new messages