CVE-2021-32780

Описание

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to DRAINING when it receives a SETTING frame with the SETTINGS_MAX_CONCURRENT_STREAMS parameter set to 0. Receiving these two frames in the same I/O event results in abnormal termination of the Envoy process due to invalid state transition from CLOSED to DRAINING. A sequence of H/2 frames delivered by an untrusted upstream server will result in Denial of Service in the presence of untrusted upstream servers. Envoy versions 1.19.1, 1.18.4 contain fixes to stop processing of pending H/2 frames after connection transition to the CLOSED state.

A vulnerability was found in envoyproxy/envoy, in which the application terminates abruptly. The error occurs when envoy receives a GOAWAY frame followed by a SETTINGS frame with the parameter SETTING_MAX_CONCURRENT_STREAMS to set 0. This flaw allows an attacker to cause a denial of service on the proxy. The highest threat from this vulnerability is to system availability.