Описание
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.
A flaw was found in Envoy in versions through 1.14.1. An excessive amount of memory may be consumed when proxying HTTP/2 requests and responses that contain many small (e.g. 1 byte) data frames. The highest threat from this vulnerability is to system availability.
Отчет
A uncontrolled resource consumption vulnerability was found in Envoy. An attacker could craft many HTTP/2 requests (or responses) with very small data frames, to cause the proxy to consume excessive amounts of memory potentially resulting in a denial of service.
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive ...
EPSS
7.5 High
CVSS3