Vulnerability type
Allocation of Resources Without Limits or Throttling
Attack type
Remote
Impact
Denial-of-service, Resource consumption (memory)
Discoverer(s)/Credits
Antonio Vicente (Google LLC)
Description
Envoy version 1.14.2, 1.13.2, 1.12.4 or older may consume excessive amounts of memory beyond the configured max header size limit when parsing HTTP/1.1 headers due to missing incremental size validation when parsing header field names, and not including the request URL in the computed request header size. The missing header field name size check can result in excessive buffering up to a hard-coded 32MB limit until timeout. The missing request URL size check can result in Envoy attempting to route match and proxy HTTP/1.1 requests with URLs up to a hard-coded 32MB limit, which could result in excess memory usage or performance problems in regex route matches.
Vulnerability type
Allocation of Resources Without Limits or Throttling
Attack type
Remote
Impact
Denial-of-service, Resource consumption (memory)
Discoverer(s)/Credits
Antonio Vicente (Google LLC)
Description
Envoy version 1.14.2, 1.13.2, 1.12.4 or older may consume excessive amounts of memory beyond the configured max header size limit when parsing HTTP/1.1 headers due to missing incremental size validation when parsing header field names, and not including the request URL in the computed request header size. The missing header field name size check can result in excessive buffering up to a hard-coded 32MB limit until timeout. The missing request URL size check can result in Envoy attempting to route match and proxy HTTP/1.1 requests with URLs up to a hard-coded 32MB limit, which could result in excess memory usage or performance problems in regex route matches.