GCP-2024-007

Google Cloud Platform Security Advisory

Published: 2024-02-08

Description


The following CVEs expose Anthos Service Mesh to exploitable vulnerabilities:

  • CVE-2024-23322: Envoy crashes when idle and requests per try timeout occur within the backoff interval.
  • CVE-2024-23323: Excessive CPU usage when URI template matcher is configured using regex.
  • CVE-2024-23324: External authorization can be bypassed when Proxy protocol filter sets invalid UTF-8 metadata.
  • Envoy crashes when using an address type that isn’t supported by the OS.
  • CVE-2024-23327: Crash in proxy protocol when command type is LOCAL.

For instructions and more details, see the Anthos Service Mesh security bulletin.

Severity: High
