{"id":"CVE-2024-53270","summary":"HTTP/1: sending overload crashes when the request is reset beforehand in envoy","details":"Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverloadError` is going to assume the active request exists when `envoy.load_shed_points.http1_server_abort_dispatch` is configured. If `active_request` is nullptr, only onMessageBeginImpl() is called. However, the `onMessageBeginImpl` will directly return ok status if the stream is already reset leading to the nullptr reference. The downstream reset can actually happen during the H/2 upstream reset. As a result envoy may crash. This issue has been addressed in releases 1.32.3, 1.31.5, 1.30.9, and 1.29.12. Users are advised to upgrade. Users unable to upgrade may disable `http1_server_abort_dispatch` load shed point and/or use a high threshold.","aliases":["BIT-envoy-2024-53270","GHSA-q9qv-8j52-77p3"],"modified":"2026-04-10T05:18:21.876079Z","published":"2024-12-18T19:12:18.775Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53270.json","cwe_ids":["CWE-670"]},"references":[{"type":"WEB","url":"https://github.com/envoyproxy/envoy/pull/37743/commits/6cf8afda956ba67c9afad185b962325a5242ef02"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53270.json"},{"type":"ADVISORY","url":"https://github.com/envoyproxy/envoy/security/advisories/GHSA-q9qv-8j52-77p3"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53270"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/envoyproxy/envoy","events":[{"introduced":"86dc7ef91ca15fb4957a74bd599397413fc26a24"},{"fixed":"58bd599ebd5918d4d005de60954fcd2cb00abd95"}],"database_specific":{"versions":[{"introduced":"1.32.0"},{"fixed":"1.32.3"}]}},{"type":"GIT","repo":"https://github.com/envoyproxy/envoy","events":[{"introduced":"7b8baff1758f0a584dcc3cb657b5032000bcb3d7"},{"fixed":"688c4bbe47f4d05bb8ed268f5172bb026cf03242"}],"database_specific":{"versions":[{"introduced":"1.31.0"},{"fixed":"1.31.5"}]}},{"type":"GIT","repo":"https://github.com/envoyproxy/envoy","events":[{"introduced":"50ea83e602d5da162df89fd5798301e22f5540cf"},{"fixed":"e409e0a2cedef46b5229f1a603125dccf779e540"}],"database_specific":{"versions":[{"introduced":"1.30.0"},{"fixed":"1.30.9"}]}},{"type":"GIT","repo":"https://github.com/envoyproxy/envoy","events":[{"introduced":"0"},{"fixed":"5c3dc559371181d5baa4a7533c36f2370fc97581"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.29.12"}]}}],"versions":["v1.0.0","v1.1.0","v1.10.0","v1.11.0","v1.12.0","v1.13.0","v1.14.0","v1.15.0","v1.16.0","v1.17.0","v1.18.0","v1.18.1","v1.18.2","v1.19.0","v1.2.0","v1.20.0","v1.21.0","v1.22.0","v1.23.0","v1.24.0","v1.25.0","v1.26.0","v1.27.0","v1.28.0","v1.29.0","v1.29.1","v1.29.10","v1.29.11","v1.29.2","v1.29.3","v1.29.4","v1.29.5","v1.29.6","v1.29.7","v1.29.8","v1.29.9","v1.3.0","v1.30.0","v1.30.1","v1.30.2","v1.30.3","v1.30.4","v1.30.5","v1.30.6","v1.30.7","v1.30.8","v1.31.0","v1.31.1","v1.31.2","v1.31.3","v1.31.4","v1.32.0","v1.32.1","v1.32.2","v1.4.0","v1.5.0","v1.6.0","v1.7.0","v1.8.0","v1.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53270.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}