VDB
BIT-envoy-2024-39305
BIT-envoy-2024-39305
PUBLISHED
CVSS 9.100000381469727 CRITICAL
Envoy Proxy use after free when route hash policy is configured with cookie attributes
Risk Scores
CVSS 3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | envoy | 0, 1.28.0, 1.29.0 |
Timeline
- Jul 3, 2024 CVE Published
- Oct 15, 2025 CVE Updated
References
- https://github.com/envoyproxy/envoy/commit/02a06681fbe0e039b1c7a9215257a7537eddb518 url
- https://github.com/envoyproxy/envoy/commit/50b384cb203a1f2894324cbae64b6d9bc44cce45 url
- https://github.com/envoyproxy/envoy/commit/99b6e525fb9f6f6f19a0425f779bc776f121c7e5 url
- https://github.com/envoyproxy/envoy/commit/b7f509607ad860fd6a63cde4f7d6f0197f9f63bb url
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-fp35-g349-h66f url
- https://nvd.nist.gov/vuln/detail/CVE-2024-39305 url