Denial of service vulnerability in Envoy in Apple Mac OS - CVE-2024-30255
ID: oval:org.secpod.oval:def:99622 | Date: (C)2024-04-30 (M)2024-04-30 |
Class: VULNERABILITY | Family: macos |
The host is installed with getenvoy-envoy version 1.29.0 before 1.29.3, 1.28.0 before 1.28.2, 1.27.0 before 1.27.4, or before 1.26.8 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle an issue in the HTTP/2 codec. On successful exploitation, an attacker can send a sequence of CONTINUATION frames without the END_HEADERS bit set, driving up CPU utilization and consuming approximately 1 core per 300Mbit/s of traffic.
Platform: |
Apple Mac OS 14 |
Apple Mac OS 11 |
Apple Mac OS 13 |
Apple Mac OS 12 |
Apple Mac OS X 10.10 |
Apple Mac OS X 10.12 |
Apple Mac OS X 10.13 |
Apple Mac OS X 10.14 |
Apple Mac OS X 10.15 |