CVE-2024-53271: HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset in envoy
First published: Wed Dec 18 2024(Updated: )
Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to upgrade. There are no known workarounds for this issue.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Envoy Proxy | <1.31.5<1.32.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-53271?
CVE-2024-53271 is considered a critical vulnerability due to its potential to cause downstream failures in networked devices.
How do I fix CVE-2024-53271?
To mitigate CVE-2024-53271, upgrade Envoy Proxy to versions 1.31.5 or 1.32.3 or later.
Which versions of Envoy Proxy are affected by CVE-2024-53271?
CVE-2024-53271 affects Envoy Proxy versions prior to 1.31.5 and 1.32.3.
What does CVE-2024-53271 impact in Envoy Proxy?
CVE-2024-53271 impacts the handling of HTTP/1.1 non-101 1xx responses, leading to potential failures.
Is there a workaround for CVE-2024-53271?
Currently, the recommended solution for CVE-2024-53271 is to upgrade to the fixed versions, as there are no stated workarounds.
- agent/weakness
- agent/title
- agent/references
- agent/first-publish-date
- agent/type
- agent/description
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/envoy
- canonical/envoy proxy