Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2024-53269

Always-Incorrect Control Flow Implementation

Published: Dec 18, 2024 | Modified: Aug 28, 2025
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
4.5 MODERATE
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Ubuntu
Vulnerability-free packages from our partners
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2024-53269
CWEhttps://cwe.mitre.org/data/definitions/670.html

Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP configuration.

Weakness

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

Affected Software

Name Vendor Start Version End Version
Envoy Envoyproxy 1.30.0 (including) 1.30.8 (excluding)
Envoy Envoyproxy 1.31.0 (including) 1.31.4 (excluding)
Envoy Envoyproxy 1.32.0 (including) 1.32.2 (excluding)

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use