Vulnerability type
CWE-400: Uncontrolled Resource Consumption
Attack type
Remote
Impact
Denial-of-service, Resource consumption (memory)
Affected component(s)
HTTP/1 codec, Connection buffer
Attack vector(s)
A HTTP/1.1 request or response with many small (i.e. 1 byte) chunks.
Discoverer(s)/Credits
Wenlei (Frank) He (Google LLC)
Description (full; not included in CVE but will be published on GitHub later and linked)
Envoy version 1.13.0 or earlier may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks. Envoy allocates a separate buffer fragment for each incoming or outgoing chunk with the size rounded to the nearest 4Kb and does not release empty chunks after committing data. As such processing requests or responses with a lot of small chunks may result in extremely high memory overhead while proxying. The memory overhead could be two to three orders of magnitude more than configured buffer limits.
wlhee Analyst
Vulnerability type
CWE-400: Uncontrolled Resource Consumption
Attack type
Remote
Impact
Denial-of-service, Resource consumption (memory)
Affected component(s)
HTTP/1 codec, Connection buffer
Attack vector(s)
A HTTP/1.1 request or response with many small (i.e. 1 byte) chunks.
Discoverer(s)/Credits
Wenlei (Frank) He (Google LLC)
Description (full; not included in CVE but will be published on GitHub later and linked)
Envoy version 1.13.0 or earlier may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks. Envoy allocates a separate buffer fragment for each incoming or outgoing chunk with the size rounded to the nearest 4Kb and does not release empty chunks after committing data. As such processing requests or responses with a lot of small chunks may result in extremely high memory overhead while proxying. The memory overhead could be two to three orders of magnitude more than configured buffer limits.