x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23325 #2545

GoVulnBot · 2024-02-10T00:01:34Z

CVE-2024-23325 references github.com/envoyproxy/envoy, which may be a Go module.

Description:
Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References:

NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-23325
JSON: https://github.com/CVEProject/cvelist/tree/a7e213dcc7f8ba1a4bf1befb1e58b0918b95abae/2024/23xxx/CVE-2024-23325.json
advisory: GHSA-5m7c-mrwr-pm26
fix: envoyproxy/envoy@bacd310
Imported by: https://pkg.go.dev/github.com/envoyproxy/envoy?tab=importedby

Cross references:

Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2021-43824 #330 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2021-43825 #331 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2021-43826 #332 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21654 #333 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21655 #334 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21656 #335 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21657 #336 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-23606 #337 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29224 #484 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29225 #485 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29226 #486 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29227 #487 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29228 #488 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27487 #1690 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27488 #1691 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27491 #1692 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27492 #1693 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27493 #1694 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27496 #1695 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35945 #1917 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: GHSA-2wmf-p7f8-w42h #1921 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35941 #1966 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35942 #1968 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35943 #1969 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35944 #1970 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-44487 #2106 NOT_GO_CODE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-15226 #2242 LEGACY_FALSE_POSITIVE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18801 #2247 LEGACY_FALSE_POSITIVE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18802 #2248 LEGACY_FALSE_POSITIVE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18836 #2249 LEGACY_FALSE_POSITIVE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18838 #2250 LEGACY_FALSE_POSITIVE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-9900 #2260 LEGACY_FALSE_POSITIVE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-12603 #2273 LEGACY_FALSE_POSITIVE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-12604 #2274 LEGACY_FALSE_POSITIVE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-12605 #2275 LEGACY_FALSE_POSITIVE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-15104 #2279 LEGACY_FALSE_POSITIVE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-25017 #2291 LEGACY_FALSE_POSITIVE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-25018 #2292 LEGACY_FALSE_POSITIVE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-35470 #2301 LEGACY_FALSE_POSITIVE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-35471 #2302 LEGACY_FALSE_POSITIVE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8659 #2307 LEGACY_FALSE_POSITIVE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8660 #2308 LEGACY_FALSE_POSITIVE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8661 #2309 LEGACY_FALSE_POSITIVE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8663 #2310 LEGACY_FALSE_POSITIVE
Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8664 #2311 LEGACY_FALSE_POSITIVE

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/envoyproxy/envoy
      vulnerable_at: 1.29.0
      packages:
        - package: envoy
cves:
    - CVE-2024-23325
references:
    - advisory: https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26
    - fix: https://github.com/envoyproxy/envoy/commit/bacd3107455b8d387889467725eb72aa0d5b5237

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-02-29T01:17:59Z

Change https://go.dev/cl/568036 mentions this issue: data/excluded: batch add 23 excluded reports

neild self-assigned this Feb 28, 2024

neild added the excluded: NOT_GO_CODE This vulnerability does not refer to a Go module. label Feb 28, 2024

gopherbot closed this as completed in 8bed429 Feb 29, 2024

This was referenced Apr 10, 2024

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-27919 #2710

Closed

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-30255 #2713

Closed

GoVulnBot mentioned this issue Apr 18, 2024

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-32475 #2735

Closed

GoVulnBot mentioned this issue Jul 1, 2024

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-39305 #2960

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23325 #2545

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23325 #2545

GoVulnBot commented Feb 10, 2024

gopherbot commented Feb 29, 2024

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23325 #2545

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23325 #2545

Comments

GoVulnBot commented Feb 10, 2024

gopherbot commented Feb 29, 2024