Bug 2269444 (CVE-2024-27919) - CVE-2024-27919 envoy: CONTINUATION frames which enable DoS
Summary: CVE-2024-27919 envoy: CONTINUATION frames which enable DoS
Keywords:
Status: NEW
Alias: CVE-2024-27919
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2268258
Reported: 2024-03-13 22:38 UTC by Nick Tait
Modified: 2024-04-12 19:39 UTC (History)

Fixed In Version: envoy 1.29.2
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in how Envoy Proxy implements the oghttp codec. There are insufficient limits on the number of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers that consume memory resources and cause a Denial of Service.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Nick Tait 2024-03-13 22:38:27 UTC
Envoy is vulnerable to a DoS caused by how it continues to receive CONTINUATION frames, and will not call back to the application to allow visibility into this information before it resets the stream.


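The unbounded accumulation described in the Doc Text, and the missing callback noted in the description, as an added example that is not Envoy's or the oghttp codec's code: a minimal HTTP/2 frame reader that caps both the CONTINUATION frame count and the cumulative header-block size per stream, and invokes a hypothetical `on_limit` hook before resetting. The frame builder, the limits and the sample traffic are constructed for illustration; the header-block bytes are opaque placeholders, not decoded HPACK.

```python
import struct

HEADERS, CONTINUATION = 0x1, 0x9  # HTTP/2 frame type codes (RFC 9113)
END_HEADERS = 0x4                 # flag: the header block is complete

def build_frame(ftype, flags, stream_id, payload):
    """Serialize one HTTP/2 frame: 24-bit length, type, flags, 31-bit stream id."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + struct.pack("!I", stream_id & 0x7FFFFFFF) + payload)

def iter_frames(data):
    """Split a byte string into (type, flags, stream_id, payload) tuples."""
    off = 0
    while off + 9 <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        sid = struct.unpack("!I", data[off + 5:off + 9])[0] & 0x7FFFFFFF
        yield ftype, flags, sid, data[off + 9:off + 9 + length]
        off += 9 + length

def receive_header_block(data, max_continuations=8, max_header_bytes=16384, on_limit=None):
    """Buffer a HEADERS + CONTINUATION sequence under hard caps (constructed limits).
    Returns ("ok", stream_id, block) or ("reset", stream_id, reason).
    on_limit is a hypothetical hook called before the reset so the application
    sees the abuse instead of a silent RST_STREAM."""
    stream, block, continuations = None, b"", 0
    for ftype, flags, sid, payload in iter_frames(data):
        if ftype == HEADERS and stream is None:
            stream, block = sid, payload
        elif ftype == CONTINUATION and sid == stream:
            continuations += 1
            block += payload
        else:
            return ("reset", sid, "unexpected frame")
        # Enforce the caps on every frame, before buffering any more data.
        if continuations > max_continuations or len(block) > max_header_bytes:
            reason = "continuation-limit" if continuations > max_continuations else "header-size-limit"
            if on_limit:
                on_limit(stream, continuations, len(block), reason)
            return ("reset", stream, reason)
        if flags & END_HEADERS:
            return ("ok", stream, block)
    return ("reset", stream, "incomplete header block")

# Constructed sample traffic (not captured from a real deployment).
BENIGN = (build_frame(HEADERS, 0, 1, b"\x82") + build_frame(CONTINUATION, 0, 1, b"\x86")
          + build_frame(CONTINUATION, END_HEADERS, 1, b"\x84"))
FLOOD = build_frame(HEADERS, 0, 3, b"\x82") + b"".join(
    build_frame(CONTINUATION, 0, 3, b"\x00" * 64) for _ in range(1000))
```

Without END_HEADERS ever arriving, the flood stream is cut off after the ninth CONTINUATION frame rather than after all 1000 are buffered.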