x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-45810 #3149

GoVulnBot · 2024-09-20T01:01:24Z

Advisory CVE-2024-45810 references a vulnerability in the following Go modules:

Module
github.com/envoyproxy/envoy

Description:
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling sendLocalReply under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during the sendLocalReply() in http async client, one reason is http async client is duplicating the status code, another one is the destroy of router is called at the destructor of the async stream, while the stream is deferred deleted at first. There will be problems that the stream decoder is destroyed but its reference is called in `router.onDe...

References:

ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-45810
WEB: GHSA-qm74-x36m-555q

Cross references:

github.com/envoyproxy/envoy appears in 61 other report(s):
- data/excluded/GO-2022-0330.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2021-43824 #330) NOT_GO_CODE
- data/excluded/GO-2022-0331.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2021-43825 #331) NOT_GO_CODE
- data/excluded/GO-2022-0332.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2021-43826 #332) NOT_GO_CODE
- data/excluded/GO-2022-0333.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21654 #333) NOT_GO_CODE
- data/excluded/GO-2022-0334.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21655 #334) NOT_GO_CODE
- data/excluded/GO-2022-0335.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21656 #335) NOT_GO_CODE
- data/excluded/GO-2022-0336.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21657 #336) NOT_GO_CODE
- data/excluded/GO-2022-0337.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-23606 #337) NOT_GO_CODE
- data/excluded/GO-2022-0484.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29224 #484) NOT_GO_CODE
- data/excluded/GO-2022-0485.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29225 #485) NOT_GO_CODE
- data/excluded/GO-2022-0486.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29226 #486) NOT_GO_CODE
- data/excluded/GO-2022-0487.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29227 #487) NOT_GO_CODE
- data/excluded/GO-2022-0488.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29228 #488) NOT_GO_CODE
- data/excluded/GO-2023-1690.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27487 #1690) NOT_GO_CODE
- data/excluded/GO-2023-1691.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27488 #1691) NOT_GO_CODE
- data/excluded/GO-2023-1692.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27491 #1692) NOT_GO_CODE
- data/excluded/GO-2023-1693.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27492 #1693) NOT_GO_CODE
- data/excluded/GO-2023-1694.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27493 #1694) NOT_GO_CODE
- data/excluded/GO-2023-1695.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27496 #1695) NOT_GO_CODE
- data/excluded/GO-2023-1917.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35945 #1917) NOT_GO_CODE
- data/excluded/GO-2023-1921.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: GHSA-2wmf-p7f8-w42h #1921) NOT_GO_CODE
- data/excluded/GO-2023-1966.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35941 #1966) NOT_GO_CODE
- data/excluded/GO-2023-1968.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35942 #1968) NOT_GO_CODE
- data/excluded/GO-2023-1969.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35943 #1969) NOT_GO_CODE
- data/excluded/GO-2023-1970.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35944 #1970) NOT_GO_CODE
- data/excluded/GO-2023-2106.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-44487 #2106) NOT_GO_CODE
- data/excluded/GO-2023-2242.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-15226 #2242) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2247.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18801 #2247) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2248.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18802 #2248) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2249.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18836 #2249) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2250.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18838 #2250) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2260.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-9900 #2260) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2273.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-12603 #2273) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2274.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-12604 #2274) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2275.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-12605 #2275) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2279.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-15104 #2279) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2291.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-25017 #2291) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2292.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-25018 #2292) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2301.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-35470 #2301) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2302.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-35471 #2302) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2307.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8659 #2307) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2308.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8660 #2308) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2309.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8661 #2309) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2310.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8663 #2310) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2311.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8664 #2311) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2024-2542.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23322 #2542) NOT_GO_CODE
- data/excluded/GO-2024-2543.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23323 #2543) NOT_GO_CODE
- data/excluded/GO-2024-2544.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23324 #2544) NOT_GO_CODE
- data/excluded/GO-2024-2545.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23325 #2545) NOT_GO_CODE
- data/excluded/GO-2024-2546.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23327 #2546) NOT_GO_CODE
- data/excluded/GO-2024-2710.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-27919 #2710) NOT_GO_CODE
- data/excluded/GO-2024-2713.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-30255 #2713) NOT_GO_CODE
- data/excluded/GO-2024-2735.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-32475 #2735) NOT_GO_CODE
- data/excluded/GO-2024-2890.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23326 #2890) NOT_GO_CODE
- data/excluded/GO-2024-2892.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-32974 #2892) NOT_GO_CODE
- data/excluded/GO-2024-2893.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-32975 #2893) NOT_GO_CODE
- data/excluded/GO-2024-2894.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-32976 #2894) NOT_GO_CODE
- data/excluded/GO-2024-2895.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-34362 #2895) NOT_GO_CODE
- data/excluded/GO-2024-2896.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-34363 #2896) NOT_GO_CODE
- data/excluded/GO-2024-2897.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-34364 #2897) NOT_GO_CODE
- data/excluded/GO-2024-2960.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-39305 #2960) NOT_GO_CODE

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/envoyproxy/envoy
      vulnerable_at: 1.31.2
summary: CVE-2024-45810 in github.com/envoyproxy/envoy
cves:
    - CVE-2024-45810
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-45810
    - web: https://github.com/envoyproxy/envoy/security/advisories/GHSA-qm74-x36m-555q
source:
    id: CVE-2024-45810
    created: 2024-09-20T01:01:23.768172903Z
review_status: UNREVIEWED

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-45810 #3149

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-45810 #3149

GoVulnBot commented Sep 20, 2024

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-45810 #3149

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-45810 #3149

Comments

GoVulnBot commented Sep 20, 2024