Description
Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input.
A flaw was found in Envoy's Brotli decompressor. This flaw allows a remote, unauthenticated attacker to trigger an infinite loop, causing a denial of service.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| OpenShift Service Mesh 2 | servicemesh-proxy | Will not fix | | |
| Red Hat OpenShift Service Mesh 2.4 for RHEL 8 | openshift-service-mesh/grafana-rhel8 | Fixed | RHSA-2024:7724 | 07.10.2024 |
| Red Hat OpenShift Service Mesh 2.4 for RHEL 8 | openshift-service-mesh/istio-cni-rhel8 | Fixed | RHSA-2024:7724 | 07.10.2024 |
| Red Hat OpenShift Service Mesh 2.4 for RHEL 8 | openshift-service-mesh/istio-must-gather-rhel8 | Fixed | RHSA-2024:7724 | 07.10.2024 |
| Red Hat OpenShift Service Mesh 2.4 for RHEL 8 | openshift-service-mesh/kiali-rhel8 | Fixed | RHSA-2024:7724 | 07.10.2024 |
| Red Hat OpenShift Service Mesh 2.4 for RHEL 8 | openshift-service-mesh/pilot-rhel8 | Fixed | RHSA-2024:7724 | 07.10.2024 |
| Red Hat OpenShift Service Mesh 2.4 for RHEL 8 | openshift-service-mesh/proxyv2-rhel8 | Fixed | RHSA-2024:7724 | 07.10.2024 |
| Red Hat OpenShift Service Mesh 2.4 for RHEL 8 | openshift-service-mesh/ratelimit-rhel8 | Fixed | RHSA-2024:7724 | 07.10.2024 |
| Red Hat OpenShift Service Mesh 2.5 for RHEL 8 | openshift-service-mesh/grafana-rhel8 | Fixed | RHSA-2024:7725 | 07.10.2024 |
| Red Hat OpenShift Service Mesh 2.5 for RHEL 8 | openshift-service-mesh/istio-cni-rhel8 | Fixed | RHSA-2024:7725 | 07.10.2024 |
Additional information
Status:
Important
Weakness:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2283145
envoy: Brotli decompressor infinite loop
EPSS
Percentile: 8%
0.00028
Low
CVSS3
7.5 High
Related vulnerabilities
CVSS3: 7.5
nvd
more than 1 year ago
Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input.
CVSS3: 7.5
debian
more than 1 year ago
Envoy is a cloud-native, open source edge and service proxy. Envoyprox ...