CVE-2024-53271

Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to upgrade. There are no known workarounds for this issue.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/envoyproxy/envoy/commit/da56f6da63079baecef9183436ee5f4141a59af8	Patch
https://github.com/envoyproxy/envoy/security/advisories/GHSA-rmm5-h2wv-mg4f	Exploit Third Party Advisory
https://github.com/envoyproxy/envoy/security/advisories/GHSA-rmm5-h2wv-mg4f	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:envoyproxy:envoy::::::::
	cpe:2.3:a:envoyproxy:envoy::::::::

History

No history.

Information

Published : 2024-12-18 20:15

Updated : 2025-09-04 14:03

NVD link : CVE-2024-53271

Mitre link : CVE-2024-53271

CVE.ORG link : CVE-2024-53271

JSON object : View

Products Affected

envoyproxy

envoy

CWE

CWE-670

Always-Incorrect Control Flow Implementation

{"id": "CVE-2024-53271", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2024-12-18T20:15:24.433", "references": [{"url": "https://github.com/envoyproxy/envoy/commit/da56f6da63079baecef9183436ee5f4141a59af8", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-rmm5-h2wv-mg4f", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-rmm5-h2wv-mg4f", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-670"}]}], "descriptions": [{"lang": "en", "value": "Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to upgrade. There are no known workarounds for this issue."}, {"lang": "es", "value": "Envoy es un proxy de servicio, de borde y de medio alcance de alto rendimiento nativo de la nube. En las versiones afectadas, Envoy no gestiona correctamente las respuestas 1xx no 101 de http 1.1. Esto puede provocar fallas en los dispositivos conectados en red. Este problema se ha solucionado en las versiones 1.31.5 y 1.32.3. Se recomienda a los usuarios que actualicen. No existen workarounds conocidos para este problema."}], "lastModified": "2025-09-04T14:03:45.613", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1095DF48-5B40-4A98-97B5-6E021499D800", "versionEndExcluding": "1.31.5", "versionStartIncluding": "1.31.0"}, {"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF745ED8-3027-44F9-A1C9-16C393C02779", "versionEndIncluding": "1.32.3", "versionStartIncluding": "1.32.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}