x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-53269

Advisory [CVE-2024-53269](https://nvd.nist.gov/vuln/detail/CVE-2024-53269) references a vulnerability in the following Go modules:

| Module |
| - |
| [github.com/envoyproxy/envoy](https://pkg.go.dev/github.com/envoyproxy/envoy) |

Description:
Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP configuration.

References:
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-53269
- FIX: https://github.com/envoyproxy/envoy/pull/37743/commits/3f62168d86aceb90f743f63b50cc711710b1c401
- WEB: https://github.com/envoyproxy/envoy/security/advisories/GHSA-mfqp-7mmj-rm53

Cross references:
- github.com/envoyproxy/envoy appears in 67 other report(s):
  - data/excluded/GO-2022-0330.yaml    (https://github.com/golang/vulndb/issues/330)    NOT_GO_CODE
  - data/excluded/GO-2022-0331.yaml    (https://github.com/golang/vulndb/issues/331)    NOT_GO_CODE
  - data/excluded/GO-2022-0332.yaml    (https://github.com/golang/vulndb/issues/332)    NOT_GO_CODE
  - data/excluded/GO-2022-0333.yaml    (https://github.com/golang/vulndb/issues/333)    NOT_GO_CODE
  - data/excluded/GO-2022-0334.yaml    (https://github.com/golang/vulndb/issues/334)    NOT_GO_CODE
  - data/excluded/GO-2022-0335.yaml    (https://github.com/golang/vulndb/issues/335)    NOT_GO_CODE
  - data/excluded/GO-2022-0336.yaml    (https://github.com/golang/vulndb/issues/336)    NOT_GO_CODE
  - data/excluded/GO-2022-0337.yaml    (https://github.com/golang/vulndb/issues/337)    NOT_GO_CODE
  - data/excluded/GO-2022-0484.yaml    (https://github.com/golang/vulndb/issues/484)    NOT_GO_CODE
  - data/excluded/GO-2022-0485.yaml    (https://github.com/golang/vulndb/issues/485)    NOT_GO_CODE
  - data/excluded/GO-2022-0486.yaml    (https://github.com/golang/vulndb/issues/486)    NOT_GO_CODE
  - data/excluded/GO-2022-0487.yaml    (https://github.com/golang/vulndb/issues/487)    NOT_GO_CODE
  - data/excluded/GO-2022-0488.yaml    (https://github.com/golang/vulndb/issues/488)    NOT_GO_CODE
  - data/excluded/GO-2023-1690.yaml    (https://github.com/golang/vulndb/issues/1690)    NOT_GO_CODE
  - data/excluded/GO-2023-1691.yaml    (https://github.com/golang/vulndb/issues/1691)    NOT_GO_CODE
  - data/excluded/GO-2023-1692.yaml    (https://github.com/golang/vulndb/issues/1692)    NOT_GO_CODE
  - data/excluded/GO-2023-1693.yaml    (https://github.com/golang/vulndb/issues/1693)    NOT_GO_CODE
  - data/excluded/GO-2023-1694.yaml    (https://github.com/golang/vulndb/issues/1694)    NOT_GO_CODE
  - data/excluded/GO-2023-1695.yaml    (https://github.com/golang/vulndb/issues/1695)    NOT_GO_CODE
  - data/excluded/GO-2023-1917.yaml    (https://github.com/golang/vulndb/issues/1917)    NOT_GO_CODE
  - data/excluded/GO-2023-1921.yaml    (https://github.com/golang/vulndb/issues/1921)    NOT_GO_CODE
  - data/excluded/GO-2023-1966.yaml    (https://github.com/golang/vulndb/issues/1966)    NOT_GO_CODE
  - data/excluded/GO-2023-1968.yaml    (https://github.com/golang/vulndb/issues/1968)    NOT_GO_CODE
  - data/excluded/GO-2023-1969.yaml    (https://github.com/golang/vulndb/issues/1969)    NOT_GO_CODE
  - data/excluded/GO-2023-1970.yaml    (https://github.com/golang/vulndb/issues/1970)    NOT_GO_CODE
  - data/excluded/GO-2023-2106.yaml    (https://github.com/golang/vulndb/issues/2106)    NOT_GO_CODE
  - data/excluded/GO-2023-2242.yaml    (https://github.com/golang/vulndb/issues/2242)    LEGACY_FALSE_POSITIVE
  - data/excluded/GO-2023-2247.yaml    (https://github.com/golang/vulndb/issues/2247)    LEGACY_FALSE_POSITIVE
  - data/excluded/GO-2023-2248.yaml    (https://github.com/golang/vulndb/issues/2248)    LEGACY_FALSE_POSITIVE
  - data/excluded/GO-2023-2249.yaml    (https://github.com/golang/vulndb/issues/2249)    LEGACY_FALSE_POSITIVE
  - data/excluded/GO-2023-2250.yaml    (https://github.com/golang/vulndb/issues/2250)    LEGACY_FALSE_POSITIVE
  - data/excluded/GO-2023-2260.yaml    (https://github.com/golang/vulndb/issues/2260)    LEGACY_FALSE_POSITIVE
  - data/excluded/GO-2023-2273.yaml    (https://github.com/golang/vulndb/issues/2273)    LEGACY_FALSE_POSITIVE
  - data/excluded/GO-2023-2274.yaml    (https://github.com/golang/vulndb/issues/2274)    LEGACY_FALSE_POSITIVE
  - data/excluded/GO-2023-2275.yaml    (https://github.com/golang/vulndb/issues/2275)    LEGACY_FALSE_POSITIVE
  - data/excluded/GO-2023-2279.yaml    (https://github.com/golang/vulndb/issues/2279)    LEGACY_FALSE_POSITIVE
  - data/excluded/GO-2023-2291.yaml    (https://github.com/golang/vulndb/issues/2291)    LEGACY_FALSE_POSITIVE
  - data/excluded/GO-2023-2292.yaml    (https://github.com/golang/vulndb/issues/2292)    LEGACY_FALSE_POSITIVE
  - data/excluded/GO-2023-2301.yaml    (https://github.com/golang/vulndb/issues/2301)    LEGACY_FALSE_POSITIVE
  - data/excluded/GO-2023-2302.yaml    (https://github.com/golang/vulndb/issues/2302)    LEGACY_FALSE_POSITIVE
  - data/excluded/GO-2023-2307.yaml    (https://github.com/golang/vulndb/issues/2307)    LEGACY_FALSE_POSITIVE
  - data/excluded/GO-2023-2308.yaml    (https://github.com/golang/vulndb/issues/2308)    LEGACY_FALSE_POSITIVE
  - data/excluded/GO-2023-2309.yaml    (https://github.com/golang/vulndb/issues/2309)    LEGACY_FALSE_POSITIVE
  - data/excluded/GO-2023-2310.yaml    (https://github.com/golang/vulndb/issues/2310)    LEGACY_FALSE_POSITIVE
  - data/excluded/GO-2023-2311.yaml    (https://github.com/golang/vulndb/issues/2311)    LEGACY_FALSE_POSITIVE
  - data/excluded/GO-2024-2542.yaml    (https://github.com/golang/vulndb/issues/2542)    NOT_GO_CODE
  - data/excluded/GO-2024-2543.yaml    (https://github.com/golang/vulndb/issues/2543)    NOT_GO_CODE
  - data/excluded/GO-2024-2544.yaml    (https://github.com/golang/vulndb/issues/2544)    NOT_GO_CODE
  - data/excluded/GO-2024-2545.yaml    (https://github.com/golang/vulndb/issues/2545)    NOT_GO_CODE
  - data/excluded/GO-2024-2546.yaml    (https://github.com/golang/vulndb/issues/2546)    NOT_GO_CODE
  - data/excluded/GO-2024-2710.yaml    (https://github.com/golang/vulndb/issues/2710)    NOT_GO_CODE
  - data/excluded/GO-2024-2713.yaml    (https://github.com/golang/vulndb/issues/2713)    NOT_GO_CODE
  - data/excluded/GO-2024-2735.yaml    (https://github.com/golang/vulndb/issues/2735)    NOT_GO_CODE
  - data/excluded/GO-2024-2890.yaml    (https://github.com/golang/vulndb/issues/2890)    NOT_GO_CODE
  - data/excluded/GO-2024-2892.yaml    (https://github.com/golang/vulndb/issues/2892)    NOT_GO_CODE
  - data/excluded/GO-2024-2893.yaml    (https://github.com/golang/vulndb/issues/2893)    NOT_GO_CODE
  - data/excluded/GO-2024-2894.yaml    (https://github.com/golang/vulndb/issues/2894)    NOT_GO_CODE
  - data/excluded/GO-2024-2895.yaml    (https://github.com/golang/vulndb/issues/2895)    NOT_GO_CODE
  - data/excluded/GO-2024-2896.yaml    (https://github.com/golang/vulndb/issues/2896)    NOT_GO_CODE
  - data/excluded/GO-2024-2897.yaml    (https://github.com/golang/vulndb/issues/2897)    NOT_GO_CODE
  - data/excluded/GO-2024-2960.yaml    (https://github.com/golang/vulndb/issues/2960)    NOT_GO_CODE
  - data/excluded/GO-2024-3144.yaml    (https://github.com/golang/vulndb/issues/3144)    NOT_GO_CODE
  - data/excluded/GO-2024-3145.yaml    (https://github.com/golang/vulndb/issues/3145)    NOT_GO_CODE
  - data/excluded/GO-2024-3146.yaml    (https://github.com/golang/vulndb/issues/3146)    NOT_GO_CODE
  - data/excluded/GO-2024-3147.yaml    (https://github.com/golang/vulndb/issues/3147)    NOT_GO_CODE
  - data/excluded/GO-2024-3148.yaml    (https://github.com/golang/vulndb/issues/3148)    NOT_GO_CODE
  - data/excluded/GO-2024-3149.yaml    (https://github.com/golang/vulndb/issues/3149)    NOT_GO_CODE

See [doc/quickstart.md](https://github.com/golang/vulndb/blob/master/doc/quickstart.md) for instructions on how to triage this report.

```
id: GO-ID-PENDING
modules:
    - module: github.com/envoyproxy/envoy
      vulnerable_at: 1.32.3
summary: CVE-2024-53269 in github.com/envoyproxy/envoy
cves:
    - CVE-2024-53269
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-53269
    - fix: https://github.com/envoyproxy/envoy/pull/37743/commits/3f62168d86aceb90f743f63b50cc711710b1c401
    - web: https://github.com/envoyproxy/envoy/security/advisories/GHSA-mfqp-7mmj-rm53
source:
    id: CVE-2024-53269
    created: 2024-12-18T21:01:25.889980164Z
review_status: UNREVIEWED

```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-53269 #3345

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-53269 #3345

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions