ISTIO-SECURITY-2024-003

{{< security_bulletin >}}

CVE

Envoy CVEs

• CVE-2024-32475: (CVSS Score 7.5, High): Abnormal termination when using auto_sni with :authority header longer than 255 characters.

Am I Impacted?

You are impacted if you enabled the auto_sni feature of Envoy, are using Istio versions 1.21.0 or above where this was enabled by default, or are using an Egress Gateway.