Envoy Proxy Integer Underflow (Wrap or Wraparound) Vulnerability - CVE-2024-32975 - Vulnerability Database

Envoy Proxy Integer Underflow (Wrap or Wraparound) Vulnerability - CVE-2024-32975

High

Reference: CVE-2024-32975

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-32975

Title: Envoy Proxy Integer Underflow (Wrap or Wraparound) Vulnerability

Overview:

Envoy is a cloud-native open source edge and service proxy. There is a crash at QuicheDataReader::PeekVarInt62Length(). It is caused by integer underflow in the QuicStreamSequencerBuffer::PeekRegion() implementation.