CVE-2024-53271: 
Envoy vulnerability analysis and mitigation

Envoy, a cloud-native high-performance edge/middle/service proxy, was found to have a vulnerability (CVE-2024-53271) where it does not properly handle HTTP 1.1 non-101 1xx responses. This issue affects versions prior to 1.31.5 and 1.32.3, potentially leading to downstream failures in networked devices. The vulnerability was disclosed on December 18, 2024 (NVD).

The vulnerability stems from improper handling of HTTP 1.1 non-101 1xx responses in Envoy's implementation. The issue specifically occurs when processing these responses, which can trigger downstream failures. The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (High), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H, indicating network attack vector, low attack complexity, no privileges required, and high impact on availability (GitHub Advisory).

The vulnerability can lead to downstream failures in networked devices, particularly affecting users who are using keep-alive HTTP/1.1 upstream and/or have vulnerable upstream servers that do not strictly pose single well-formatted responses. The impact is considered high, with potential service disruptions and system failures (GitHub Advisory).

The vulnerability has been patched in Envoy versions 1.31.5 and 1.32.3. Users are advised to upgrade to these versions or later to address the issue. There are no known workarounds for this vulnerability (NVD).