Excessive CPU usage

High
travisgroth published GHSA-5wjf-62hw-q78r Sep 9, 2021

Package

gomod pomerium (Go)

Affected versions

<=0.14.7, 0.15.0

Patched versions

0.15.1, 0.14.8

Description

Envoy, on which Pomerium is built, handles the resetting of HTTP/2 streams with excessive computational complexity. This can lead to high CPU utilization when a large number of streams are reset.

Impact

This can result in a DoS condition.

Patches

Pomerium versions 0.14.8 and 0.15.1 ship an upgraded Envoy binary in which this vulnerability is patched.

Workarounds

N/A

References

envoy GSA
envoy CVE
envoy announcement

For more information

If you have any questions or comments about this advisory:

Severity

High

CVE ID

CVE-2021-39204

Weaknesses