x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-34364

[tatianab]

CVE-2024-34364 references github.com/envoyproxy/envoy, which may be a Go module.

Description:
Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-34364
• JSON: https://github.com/CVEProject/cvelist/tree/e076e9c24f3ede5a41143e706602e9c41139fd45/2024/34xxx/CVE-2024-34364.json
• advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-34364
• web: GHSA-xcj3-h7vf-fw26
• Imported by: https://pkg.go.dev/github.com/envoyproxy/envoy?tab=importedby

Cross references:

• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2021-43824 #330 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2021-43825 #331 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2021-43826 #332 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21654 #333 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21655 #334 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21656 #335 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21657 #336 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-23606 #337 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29224 #484 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29225 #485 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29226 #486 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29227 #487 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29228 #488 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27487 #1690 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27488 #1691 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27491 #1692 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27492 #1693 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27493 #1694 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27496 #1695 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35945 #1917 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: GHSA-2wmf-p7f8-w42h #1921 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35941 #1966 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35942 #1968 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35943 #1969 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35944 #1970 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-44487 #2106 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-15226 #2242 LEGACY_FALSE_POSITIVE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18801 #2247 LEGACY_FALSE_POSITIVE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18802 #2248 LEGACY_FALSE_POSITIVE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18836 #2249 LEGACY_FALSE_POSITIVE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18838 #2250 LEGACY_FALSE_POSITIVE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-9900 #2260 LEGACY_FALSE_POSITIVE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-12603 #2273 LEGACY_FALSE_POSITIVE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-12604 #2274 LEGACY_FALSE_POSITIVE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-12605 #2275 LEGACY_FALSE_POSITIVE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-15104 #2279 LEGACY_FALSE_POSITIVE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-25017 #2291 LEGACY_FALSE_POSITIVE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-25018 #2292 LEGACY_FALSE_POSITIVE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-35470 #2301 LEGACY_FALSE_POSITIVE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-35471 #2302 LEGACY_FALSE_POSITIVE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8659 #2307 LEGACY_FALSE_POSITIVE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8660 #2308 LEGACY_FALSE_POSITIVE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8661 #2309 LEGACY_FALSE_POSITIVE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8663 #2310 LEGACY_FALSE_POSITIVE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8664 #2311 LEGACY_FALSE_POSITIVE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23322 #2542 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23323 #2543 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23324 #2544 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23325 #2545 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23327 #2546 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-27919 #2710 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-30255 #2713 NOT_GO_CODE
• Module github.com/envoyproxy/envoy appears in issue x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-32475 #2735 NOT_GO_CODE

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/envoyproxy/envoy
      vulnerable_at: 1.30.2
      packages:
        - package: envoy
summary: CVE-2024-34364 in github.com/envoyproxy/envoy
cves:
    - CVE-2024-34364
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-34364
    - web: https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26
source:
    id: CVE-2024-34364
    created: 2024-06-07T17:17:57.002509-04:00
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/592765 mentions this issue: data/excluded,data/reports: add 10 reports