Response flooding for HTTP/1.1

High
lizan published GHSA-36cq-ww7h-p4j7 Mar 3, 2020

Package

Envoy

Affected versions

< 1.13.0

Patched versions

1.13.1, 1.12.3

Description

Vulnerability type

CWE-400: Uncontrolled Resource Consumption

Attack type

Remote

Impact

Denial-of-service, Resource consumption (memory)

Affected component(s)

HTTP/1 codec

Attack vector(s)

A TCP buffer with many pipelined HTTP requests

Discoverer(s)/Credits

Alyssa Wilk (Google LLC)

Description (full; not included in CVE but will be published on GitHub later and linked)

Envoy version 1.13.0 or earlier may consume excessive amounts of memory when responding internally to pipelined requests. When a request is malformed, Envoy generates a 400 error internally and sends it to the Network::Connection buffer. If the client reads these responses slowly, a large number of responses can build up and consume functionally unlimited memory. This bypasses Envoy’s overload manager, which will itself send an internally generated response when Envoy approaches configured memory thresholds, exacerbating the problem.
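
The buffering described above can be modelled in memory to show why an outbound limit matters. This is an added example, not Envoy code: `simulate`, `wellFormed`, `pipelinedBad`, the reply text and the byte cap are assumptions for illustration, and closing the connection at a cap is a generic backpressure measure, not a description of the actual patch.

```cpp
// Toy in-memory model of the outbound buffering described above; not Envoy code.
#include <algorithm>
#include <iostream>
#include <string>

struct SimResult {
    std::size_t peak_buffered;  // largest outbound buffer size reached (bytes)
    std::size_t parsed;         // requests consumed before the codec stopped
    bool closed;                // connection closed because the cap was hit
};

// Constructed local reply; only its length matters to the model.
static const std::string kReply = "HTTP/1.1 400 Bad Request\r\ncontent-length: 0\r\n\r\n";
// A request counts as well formed here if its first line ends in " HTTP/1.1".
static bool wellFormed(const std::string& head) {
    const std::string line = head.substr(0, head.find("\r\n"));
    const std::string ver = " HTTP/1.1";
    return line.size() > ver.size() &&
           line.compare(line.size() - ver.size(), ver.size(), ver) == 0;
}

// input: one TCP buffer of pipelined requests; drain: bytes the client reads
// between two requests (small = slow reader); cap: outbound limit, 0 = unbounded.
SimResult simulate(const std::string& input, std::size_t drain, std::size_t cap) {
    SimResult r{0, 0, false};
    std::size_t buffered = 0, pos = 0, end;
    while ((end = input.find("\r\n\r\n", pos)) != std::string::npos) {
        const std::string head = input.substr(pos, end - pos);
        pos = end + 4; ++r.parsed;
        if (!wellFormed(head)) buffered += kReply.size();  // local 400 queued
        r.peak_buffered = std::max(r.peak_buffered, buffered);
        if (cap != 0 && buffered > cap) { r.closed = true; break; }  // assumed mitigation
        buffered -= std::min(buffered, drain);  // slow client reads a little
    }
    return r;
}

// Constructed sample: n pipelined requests with an invalid request line.
std::string pipelinedBad(std::size_t n) {
    std::string s;
    while (n--) s += "GARBAGE\r\n\r\n";
    return s;
}

int main() {  // prints the unbounded peak, then the capped peak
    const std::string in = pipelinedBad(1000);
    std::cout << simulate(in, 1, 0).peak_buffered << " "
              << simulate(in, 1, 4096).peak_buffered << "\n";
}
```

Without a cap the peak grows linearly with the number of pipelined requests; with one, it stays within one reply of the cap.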

Severity

High

CVE ID

CVE-2020-8661

Weaknesses

No CWEs