{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "1.32.0"
              },
              {
                "fixed": "1.32.3"
              }
            ]
          },
          "events": [
            {
              "introduced": "86dc7ef91ca15fb4957a74bd599397413fc26a24"
            },
            {
              "fixed": "58bd599ebd5918d4d005de60954fcd2cb00abd95"
            }
          ],
          "repo": "https://github.com/envoyproxy/envoy",
          "type": "GIT"
        },
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "1.31.0"
              },
              {
                "fixed": "1.31.5"
              }
            ]
          },
          "events": [
            {
              "introduced": "7b8baff1758f0a584dcc3cb657b5032000bcb3d7"
            },
            {
              "fixed": "688c4bbe47f4d05bb8ed268f5172bb026cf03242"
            }
          ],
          "repo": "https://github.com/envoyproxy/envoy",
          "type": "GIT"
        },
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "1.30.0"
              },
              {
                "fixed": "1.30.9"
              }
            ]
          },
          "events": [
            {
              "introduced": "50ea83e602d5da162df89fd5798301e22f5540cf"
            },
            {
              "fixed": "e409e0a2cedef46b5229f1a603125dccf779e540"
            }
          ],
          "repo": "https://github.com/envoyproxy/envoy",
          "type": "GIT"
        },
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "fixed": "1.29.12"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5c3dc559371181d5baa4a7533c36f2370fc97581"
            }
          ],
          "repo": "https://github.com/envoyproxy/envoy",
          "type": "GIT"
        }
      ]
    }
  ],
  "aliases": [
    "GHSA-q9qv-8j52-77p3"
  ],
  "database_specific": {
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
      "CWE-670"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53270.json"
  },
  "details": "Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions, `sendOverloadError` assumes that the active request exists when `envoy.load_shed_points.http1_server_abort_dispatch` is configured. If `active_request` is nullptr, only `onMessageBeginImpl()` is called. However, `onMessageBeginImpl` returns an ok status directly if the stream has already been reset, which leads to a null pointer dereference. The downstream reset can happen during the H/2 upstream reset. As a result, Envoy may crash. This issue has been addressed in releases 1.32.3, 1.31.5, 1.30.9, and 1.29.12. Users are advised to upgrade. Users unable to upgrade may disable the `http1_server_abort_dispatch` load shed point and/or use a high threshold.",
  "id": "CVE-2024-53270",
  "modified": "2026-04-01T23:10:19.188148124Z",
  "published": "2024-12-18T19:12:18.775Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/envoyproxy/envoy/pull/37743/commits/6cf8afda956ba67c9afad185b962325a5242ef02"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53270.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-q9qv-8j52-77p3"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53270"
    }
  ],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "HTTP/1: sending overload crashes when the request is reset beforehand in envoy"
}