CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile: 38.4%
github.com/envoyproxy/envoy is vulnerable to Denial of Service (DoS) attacks. When the library receives RST_STREAM and GOAWAY frames from an upstream server, it might leak header maps and bookkeeping structures. During the cleanup of open requests, de-allocation of the accounting structure and compressed header is skipped. The error return code path is taken if the connection has already been flagged to prevent further requests because of a GOAWAY frame. The clean-up code sits immediately after that return statement, so it never runs, which results in a memory leak.
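The leak pattern described above, reduced to a small C model as an added example (not nghttp2 or Envoy code): an error return placed ahead of the clean-up skips the frees once the session has seen GOAWAY. All names (`pending_req`, `close_pending_leaky`, `close_pending_fixed`, `leaked_after`) are hypothetical, and the corrected variant is one way to fix this shape, not the project's patch.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of the bug shape; not nghttp2 or Envoy code. */
static int live_allocs; /* allocations not yet freed */
static void *track_alloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void track_free(void *p) { if (p) { live_allocs--; free(p); } }
/* A queued request: compressed header block plus its bookkeeping structure. */
struct pending_req { void *header_block; void *accounting; };
struct session { int goaway_received; };
static struct pending_req *req_new(void) {
    struct pending_req *r = track_alloc(sizeof *r);
    if (!r) return NULL;
    r->header_block = track_alloc(64);
    r->accounting = track_alloc(32);
    return r;
}
static void req_free(struct pending_req *r) {
    track_free(r->header_block);
    track_free(r->accounting);
    track_free(r);
}

/* Leaky shape: the error return sits above the clean-up, which never runs. */
static int close_pending_leaky(struct session *s, struct pending_req *r) {
    if (s->goaway_received) return -1; /* no further requests allowed */
    req_free(r);
    return 0;
}
/* Corrected shape: release the request first, then report the error. */
static int close_pending_fixed(struct session *s, struct pending_req *r) {
    int rv = s->goaway_received ? -1 : 0;
    req_free(r);
    return rv;
}

/* Allocations still live after closing n requests on a GOAWAY-flagged session. */
int leaked_after(int n, int use_fixed) {
    struct session s = { 1 };
    live_allocs = 0;
    for (int i = 0; i < n; i++) {
        struct pending_req *r = req_new();
        if (!r) break;
        if (use_fixed) close_pending_fixed(&s, r); else close_pending_leaky(&s, r);
    }
    return live_allocs;
}

int main(void) { printf("leaky=%d fixed=%d\n", leaked_after(100, 0), leaked_after(100, 1)); return 0; }
```

Each request closed through the leaky path leaves three allocations behind, so the leak grows linearly with the number of requests open when the GOAWAY flag is set.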
github.com/envoyproxy/envoy/commit/5b97cffea6bf0588dc7f6efe43a9822cd376cbea
github.com/envoyproxy/envoy/commit/7d58adb482a9d0b2fa040b0bf4a188ec0d794a83
github.com/envoyproxy/envoy/commit/894be19b3466e821f7cc0cd203307b29e1fa5759
github.com/envoyproxy/envoy/commit/b1b66e55362453edd79f46069dad09c807fa9f68
github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r
github.com/nghttp2/nghttp2/blob/e7f59406556c80904b81b593d38508591bb7523a/lib/nghttp2_session.c#L3346