1844252 – (CVE-2020-12605) CVE-2020-12605 envoy: Resource exhaustion when processing HTTP/1.1 headers with long field names

Bug 1844252 (CVE-2020-12605) - CVE-2020-12605 envoy: Resource exhaustion when processing HTTP/1.1 headers with long field names

Summary: CVE-2020-12605 envoy: Resource exhaustion when processing HTTP/1.1 headers wi...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2020-12605
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1844256
TreeView+	depends on / blocked

Reported:	2020-06-04 21:30 UTC by Pedro Sampaio
Modified:	2021-02-16 19:56 UTC (History)
CC List:	3 users (show)
Fixed In Version:	envoy 1.14.2
Doc Type:	If docs needed, set a value
Doc Text:	An uncontrolled resource consumption vulnerability was found in Envoy. This flaw allows an attacker to craft many HTTP requests with long field names or URLs to cause the proxy to consume excessive amounts of memory, potentially resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed:	2020-07-01 19:27:48 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2020:2798	0	None	None	None	2020-07-01 18:44:34 UTC
Red Hat Product Errata	RHSA-2020:2864	0	None	None	None	2020-07-07 19:34:35 UTC

Description Pedro Sampaio 2020-06-04 21:30:27 UTC

Envoy through 1.14.1 may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs.

Comment 1 Pedro Sampaio 2020-06-04 21:35:15 UTC

Acknowledgments:

Name: the Envoy security team

Comment 3 Mark Cooper 2020-06-30 22:04:04 UTC

External References:

https://istio.io/latest/news/security/istio-security-2020-007/

Comment 4 Mark Cooper 2020-06-30 23:10:18 UTC

Upstream commit: https://github.com/envoyproxy/envoy/commit/7ca28ff7d46454ae930e193d97b7d08156b1ba59

Comment 5 errata-xmlrpc 2020-07-01 18:44:32 UTC

This issue has been addressed in the following products:

  OpenShift Service Mesh 1.1

Via RHSA-2020:2798 https://access.redhat.com/errata/RHSA-2020:2798

Comment 6 Product Security DevOps Team 2020-07-01 19:27:48 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-12605

Comment 7 errata-xmlrpc 2020-07-07 19:34:33 UTC

This issue has been addressed in the following products:

  OpenShift Service Mesh 1.0

Via RHSA-2020:2864 https://access.redhat.com/errata/RHSA-2020:2864

Note You need to log in before you can comment on or make changes to this bug.