CVE-2024-53270

7.5 HIGH

📋 TL;DR

Envoy 1.32.x before 1.32.3, 1.31.x before 1.31.5, 1.30.x before 1.30.9 and 1.29.x before 1.29.12 contain a null pointer dereference that is reachable only when the http1_server_abort_dispatch load shed point is configured in the overload manager. When an HTTP/2 upstream reset occurs while that load shed point is in effect, the Envoy process crashes, dropping every connection it was serving. Any deployment running an affected release with this load shed point configured is exposed; default configurations are not.

💻 Affected Systems

Products:
  • Envoy Proxy
Versions: 1.32.x before 1.32.3, 1.31.x before 1.31.5, 1.30.x before 1.30.9, 1.29.x before 1.29.12 (earlier release lines are also affected and have no patched release)
Operating Systems: All platforms running Envoy
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when http1_server_abort_dispatch load shed point is configured. Default configurations are not affected.

📦 What is this software?

Envoy is an open-source, high-performance L7 proxy (a CNCF graduated project) used as an internet-facing edge/ingress gateway and as the sidecar data plane of service meshes such as Istio. Its overload manager can be configured with "load shed points" that abort work at specific places in the request path when a resource monitor (heap, connection count) reports pressure; http1_server_abort_dispatch is one of those points.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Denial of service: the Envoy process crashes, dropping every in-flight connection on every listener it served, and traffic stays down until a supervisor or operator restarts it. If the triggering conditions persist, the restarted process crashes again.

🟠

Likely Case

Intermittent crashes under load: the load shed point fires when the overload trigger it is bound to saturates, and an HTTP/2 upstream reset arriving in that window takes the process down, causing periodic service disruption rather than a permanent outage.

🟢

If Mitigated

No impact if load shed point is disabled or patched versions are used.

🌐 Internet-Facing: HIGH - Envoy is commonly deployed as an edge proxy; an internet-facing instance with this load shed point configured can be crashed by unauthenticated traffic.
🏢 Internal Only: MEDIUM - Internal and sidecar deployments can still crash, breaking service-to-service communication for every workload behind the affected instance.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation needs three things to coincide: an affected release, the http1_server_abort_dispatch load shed point configured in the overload manager, and an HTTP/2 upstream stream reset occurring while the load shed point is active. No authentication is involved, but the attacker does not directly control when the overload trigger saturates, which is why complexity is rated MEDIUM. No public PoC is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.32.3, 1.31.5, 1.30.9, or 1.29.12

Vendor Advisory: https://github.com/envoyproxy/envoy/security/advisories/GHSA-q9qv-8j52-77p3

Restart Required: Yes

Instructions:

1. Identify the running Envoy version (envoy --version).
2. Upgrade to the patched release for your branch: 1.32.3, 1.31.5, 1.30.9 or 1.29.12 (or any later minor).
3. Restart Envoy; the new binary is not picked up without a restart.
4. Re-run envoy --version after the restart and confirm the reported version is at or above the patched release for that branch.

🔧 Temporary Workarounds

Disable the vulnerable load shed point (all platforms)

Remove the http1_server_abort_dispatch load shed point from the bootstrap: it is the overload_manager.loadshed_points entry named envoy.load_shed_points.http1_server_abort_dispatch. The overload manager is part of the bootstrap, so the change takes effect only after an Envoy restart, and the load shedding that point provided is lost until you patch.

Raise the load shed trigger threshold (all platforms)

If the point cannot be removed, set the threshold.value of its trigger close to 1.0 so it fires only under extreme resource pressure. This only reduces how often the crashing code path is reached; any time the trigger does fire while an HTTP/2 upstream reset occurs, Envoy can still crash. Treat it as a stopgap, not a fix.

🧯 If You Can't Patch

  • Disable the http1_server_abort_dispatch load shed point in every Envoy bootstrap, including sidecar injection templates and gateway configs, and confirm on the running process that it is gone
  • Run Envoy under a supervisor that restarts it on crash (systemd Restart=, Kubernetes restart policy) and alert on crash rates, since every crash drops all in-flight connections

🔍 How to Verify

Check if Vulnerable:

Check the Envoy version, then search the bootstrap configuration (the file passed with -c, or the bootstrap section of the admin endpoint /config_dump if the admin interface is enabled) for envoy.load_shed_points.http1_server_abort_dispatch. A host is exposed only if the version is below the fix for its branch and the load shed point is present.

Check Version:

envoy --version

Verify Fix Applied:

Confirm the Envoy version is at or above the fix for its branch: 1.32.3 on 1.32, 1.31.5 on 1.31, 1.30.9 on 1.30, 1.29.12 on 1.29, or any later minor release.
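The script below is an added example (not Envoy project code) that combines the two checks described in this section, and also shows the workaround from the previous section: a constructed bootstrap with the load shed point enabled beside the same bootstrap with that loadshed_points entry removed. It assumes the envoy --version line contains the release as "<sha>/<version>/..." and that the bootstrap file is the one passed to Envoy with -c; the sample version string and both bootstrap fragments are constructed for the demo.

```shell
#!/bin/sh
# Added example (not Envoy project code): decide whether a host is exposed to
# CVE-2024-53270. Two facts are needed: a release below the fixed version on
# its branch, and the http1_server_abort_dispatch load shed point in the
# bootstrap. Assumption: `envoy --version` prints "<sha>/<version>/..." after
# "version:", and the bootstrap is the file passed to envoy with -c.

# Pull "X.Y.Z" out of the `envoy --version` output line.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Print "vulnerable" or "fixed" for a release, using the per-branch fixed
# versions from the advisory: 1.32.3, 1.31.5, 1.30.9, 1.29.12.
version_state() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    case "$major.$minor" in
        1.32) fixed=3 ;;
        1.31) fixed=5 ;;
        1.30) fixed=9 ;;
        1.29) fixed=12 ;;
        *)
            # 1.33+ was cut after the fix; branches older than 1.29 got no fix.
            if [ "$major" -gt 1 ] || [ "$minor" -gt 32 ]; then
                echo fixed
            else
                echo vulnerable
            fi
            return 0 ;;
    esac
    if [ "$patch" -ge "$fixed" ]; then echo fixed; else echo vulnerable; fi
}

# Return 0 when the bootstrap configures the affected load shed point.
# The overload manager lives in the bootstrap, so a static search is enough.
config_has_abort_dispatch() {
    grep -q 'envoy.load_shed_points.http1_server_abort_dispatch' "$1"
}

# Combine both checks: prints "exposed" or "not exposed".
assess() {
    ver=$(extract_version "$1")
    if [ "$(version_state "$ver")" = vulnerable ] && config_has_abort_dispatch "$2"; then
        echo exposed
    else
        echo "not exposed"
    fi
}

# Stand-alone demo on constructed input: a 1.32.2 build, one bootstrap with the
# load shed point bound to the fixed_heap monitor, and the mitigated form with
# the loadshed_points entry removed (the resource monitor itself stays).
# In production: assess "$(envoy --version)" /etc/envoy/envoy.yaml
sample_version='envoy  version: 1234abcd/1.32.2/Clean/RELEASE/BoringSSL'
vuln_cfg=$(mktemp); safe_cfg=$(mktemp)
cat > "$vuln_cfg" <<'EOF'
overload_manager:
  resource_monitors:
    - name: "envoy.resource_monitors.fixed_heap"
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.resource_monitors.fixed_heap.v3.FixedHeapConfig
        max_heap_size_bytes: 2147483648
  loadshed_points:
    - name: "envoy.load_shed_points.http1_server_abort_dispatch"
      triggers:
        - name: "envoy.resource_monitors.fixed_heap"
          threshold:
            value: 0.95
EOF
cat > "$safe_cfg" <<'EOF'
overload_manager:
  resource_monitors:
    - name: "envoy.resource_monitors.fixed_heap"
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.resource_monitors.fixed_heap.v3.FixedHeapConfig
        max_heap_size_bytes: 2147483648
EOF
echo "with load shed point:    $(assess "$sample_version" "$vuln_cfg")"   # exposed
echo "load shed point removed: $(assess "$sample_version" "$safe_cfg")"   # not exposed
rm -f "$vuln_cfg" "$safe_cfg"
```

The version test is deliberately per-branch: 1.31.9 is fixed even though it is numerically below 1.32.3, and a 1.28.x build reports vulnerable because that line never received a fix. The config search is a plain string match, so it works on YAML or JSON bootstraps alike; it does not, however, tell you whether the trigger threshold has been raised, which is why removing the entry is the workaround worth verifying.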

📡 Detection & Monitoring

Log Indicators:

  • Envoy's crash handler output in the process log: a "Caught Segmentation fault" line with the suspect faulting address (0x0 for a null pointer dereference) followed by a backtrace
  • Process exit on signal 11 (exit code 139); in Kubernetes, container restarts with reason Error and exit code 139
  • Unexpected process termination that was not preceded by a drain or shutdown

Network Indicators:

  • Sudden loss of connectivity through the proxy: connection resets and refused connections on its listeners
  • HTTP 503 responses from a load balancer or peer proxy that fronts the crashed instance; in a mesh, client-side Envoy access logs showing 503 with the UF or UC response flags for calls to the affected workload

SIEM Query:

process_name="envoy" AND (event_type="crash" OR exit_code="139" OR signal="SIGSEGV")

Adapt the field names to your SIEM; the useful signal is the crash itself (signal 11 / exit code 139, or the "Caught Segmentation fault" log line), alerted on rate so that a crash loop is caught, not just a single restart.

🔗 References

  • Vendor advisory (GHSA-q9qv-8j52-77p3): https://github.com/envoyproxy/envoy/security/advisories/GHSA-q9qv-8j52-77p3