CVE-2024-53269: 
Envoy vulnerability analysis and mitigation

Envoy, a cloud-native high-performance edge/middle/service proxy, was found to have a vulnerability where the Happy Eyeballs sorting algorithm crashes in the data plane when additional addresses are not IP addresses. This vulnerability (CVE-2024-53269) has been addressed in releases 1.32.2, 1.31.4, and 1.30.8 (GitHub Advisory).

The vulnerability occurs in the Happy Eyeballs sorting algorithm implementation. When the cluster configuration file contains malformed IP addresses in the additional addresses field, it triggers a crash in the data plane. The issue has been assigned a CVSS v3.1 base score of 4.5 (Medium) with a vector string of CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H, indicating adjacent network access, low attack complexity, high privileges required, no user interaction needed, and high impact on availability (GitHub Advisory).

The primary impact of this vulnerability is a crash in the Envoy service when malformed IP addresses are processed by the Happy Eyeballs algorithm. This can lead to service disruption and affect the availability of the proxy service (GitHub Advisory).

Users are advised to upgrade to the patched versions: 1.32.2, 1.31.4, or 1.30.8. For users unable to upgrade immediately, two workarounds are available: disable Happy Eyeballs or modify the IP configuration (GitHub Advisory).