# CVE-2024-53271 — Envoy BALSA HTTP/1.1 double-MessageDone() reproduction. # # Differential layout (both reachable from the host): # cve-2024-53271-envoy-vuln v1.32.2 (affected) host 127.0.0.1:10000 # cve-2024-53271-envoy-baseline v1.32.3 (fixed) host 127.0.0.1:10001 # # Each proxy fronts the same two upstreams on its internal bridge: # upstream-102 : 102 Processing then 200 (route /trigger) -> fires the bug # upstream-plain : 200 only (route /plain) -> liveness path services: upstream-102: build: context: . dockerfile: Dockerfile image: cve-2024-53271-upstream:local container_name: cve-2024-53271-upstream-102 environment: MODE: trigger PORT: "8080" networks: [cvenet] # internal-only; not published to the host upstream-plain: image: cve-2024-53271-upstream:local container_name: cve-2024-53271-upstream-plain depends_on: [upstream-102] environment: MODE: plain PORT: "8080" networks: [cvenet] # internal-only; not published to the host envoy-vuln: image: envoyproxy/envoy:v1.32.2 container_name: cve-2024-53271-envoy-vuln depends_on: [upstream-102, upstream-plain] command: - "-c" - "/etc/envoy/envoy.yaml" - "--service-cluster" - "vuln" volumes: - ./config/envoy-vuln.yaml:/etc/envoy/envoy.yaml:ro ports: - "127.0.0.1:10000:10000" # downstream HTTP/1.1 - "127.0.0.1:9900:9901" # admin networks: [cvenet] envoy-baseline: image: envoyproxy/envoy:v1.32.3 container_name: cve-2024-53271-envoy-baseline depends_on: [upstream-102, upstream-plain] command: - "-c" - "/etc/envoy/envoy.yaml" - "--service-cluster" - "baseline" volumes: - ./config/envoy-baseline.yaml:/etc/envoy/envoy.yaml:ro ports: - "127.0.0.1:10001:10000" # downstream HTTP/1.1 - "127.0.0.1:9901:9901" # admin networks: [cvenet] networks: cvenet: name: cve-2024-53271-net driver: bridge