Upstream information
Description
Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP configuration.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
| CNA (GitHub) | National Vulnerability Database | |
|---|---|---|
| Base Score | 4.5 | 7.5 |
| Vector | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector | Adjacent Network | Network |
| Attack Complexity | Low | Low |
| Privileges Required | High | None |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality Impact | None | None |
| Integrity Impact | None | None |
| Availability Impact | High | High |
| CVSSv3 Version | 3.1 | 3.1 |
SUSE Timeline for this CVE
CVE page created: Wed Dec 18 22:00:36 2024CVE page last modified: Fri Aug 29 01:17:02 2025