Описание
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving RST_STREAM immediately followed by the GOAWAY frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the GOAWAY frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to GOAWAY frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11.
A flaw was found in Envoy, where a specifically crafted response from an untrusted upstream service can cause a denial of service through memory exhaustion. This issue is caused by Envoy’s HTTP/2 codec, which may leak a header map and bookkeeping structures upon receiving RST_STREAM immediately, followed by the GOAWAY frames from an upstream server.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss Core Services | jbcs-httpd24-nghttp2 | Not affected | ||
| Red Hat OpenShift Service Mesh 2.2 for RHEL 8 | openshift-service-mesh/proxyv2-rhel8 | Fixed | RHSA-2023:5175 | 14.09.2023 |
| Red Hat OpenShift Service Mesh 2.3 for RHEL 8 | openshift-service-mesh/proxyv2-rhel8 | Fixed | RHSA-2023:4624 | 11.08.2023 |
| Red Hat OpenShift Service Mesh 2.4 for RHEL 8 | openshift-service-mesh/proxyv2-rhel8 | Fixed | RHSA-2023:4625 | 11.08.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11.
Envoy is a cloud-native high-performance edge/middle/service proxy. En ...
EPSS
7.5 High
CVSS3