| ID |
CVE-2021-32778
|
| Summary |
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy’s procedure for resetting a HTTP/2 stream has O(N^2) complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are susceptible to Denial of Service when Envoy is configured with high limit on H/2 concurrent streams. An attacker wishing to exploit this vulnerability would require a client opening and closing a large number of H/2 streams. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to reduce time complexity of resetting HTTP/2 streams. As a workaround users may limit the number of simultaneous HTTP/2 dreams for upstream and downstream peers to a low number, i.e. 100. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:envoyproxy:envoy:1.19.0:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:1.19.0:*:*:*:*:*:*:*
-
cpe:2.3:a:envoyproxy:envoy:1.16.0:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:1.16.0:*:*:*:*:*:*:*
-
cpe:2.3:a:envoyproxy:envoy:1.16.1:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:1.16.1:*:*:*:*:*:*:*
-
cpe:2.3:a:envoyproxy:envoy:1.16.2:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:1.16.2:*:*:*:*:*:*:*
-
cpe:2.3:a:envoyproxy:envoy:1.16.3:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:1.16.3:*:*:*:*:*:*:*
-
cpe:2.3:a:envoyproxy:envoy:1.16.4:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:1.16.4:*:*:*:*:*:*:*
-
cpe:2.3:a:envoyproxy:envoy:1.17.0:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:1.17.0:*:*:*:*:*:*:*
-
cpe:2.3:a:envoyproxy:envoy:1.17.1:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:1.17.1:*:*:*:*:*:*:*
-
cpe:2.3:a:envoyproxy:envoy:1.17.2:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:1.17.2:*:*:*:*:*:*:*
-
cpe:2.3:a:envoyproxy:envoy:1.17.3:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:1.17.3:*:*:*:*:*:*:*
-
cpe:2.3:a:envoyproxy:envoy:1.18.0:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:1.18.0:*:*:*:*:*:*:*
-
cpe:2.3:a:envoyproxy:envoy:1.18.1:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:1.18.1:*:*:*:*:*:*:*
-
cpe:2.3:a:envoyproxy:envoy:1.18.2:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:1.18.2:*:*:*:*:*:*:*
-
cpe:2.3:a:envoyproxy:envoy:1.18.3:*:*:*:*:*:*:*
cpe:2.3:a:envoyproxy:envoy:1.18.3:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 5.0 (as of 15-06-2022 - 15:49) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-834 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
NONE |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| Last major update |
15-06-2022 - 15:49 |
| Published |
24-08-2021 - 21:15 |
| Last modified |
15-06-2022 - 15:49 |
