Zero day announcement - CVE-2024-32475

22 views
Skip to first unread message

Adi Peleg

unread,
Apr 19, 2024, 10:38:14 AMApr 19
to envoy-secur...@googlegroups.com, envoy-security, envoy-a...@googlegroups.com, envoy-ma...@googlegroups.com, envoy...@googlegroups.com, envoy-dev

Hello Envoy Community,


We are announcing a fix for a zero day related to abnormal termination when using auto_sni with :authority header longer than 255 characters. More details can be found at: CVE-2024-32475.


Patched Envoy versions are: 1.30.1, 1.29.4, 1.28.3, 1.27.5, and can be fetched from https://github.com/envoyproxy/envoy/releases.


Thanks,

Envoy maintainers


Reply all
Reply to author
Forward
0 new messages