BIT-envoy-2021-39204

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/envoy/BIT-envoy-2021-39204.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-envoy-2021-39204
Aliases
Published
2024-03-06T10:57:21.991Z
Modified
2024-05-19T02:24:44.067289Z
Summary
[none]
Details

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions 0.14.8 and 0.15.1 contain an upgraded envoy binary with this vulnerability patched.

References

Affected packages

Bitnami / envoy

Package

Name
envoy
Purl
pkg:bitnami/envoy

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.16.4
Introduced
1.17.0
Fixed
1.17.4
Introduced
1.18.0
Fixed
1.18.4
Type
SEMVER
Events
Introduced
1.19.0
Last affected
1.19.0