CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39204 – Excessive CPU usage in Pomerium
https://notcve.org/view.php?id=CVE-2021-39204
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions 0.14.8 and 0.15.1 contain an upgraded envoy binary with this vulnerability patched. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc https://github.com/pomerium/pomerium/security/advisories/GHSA-5wjf-62hw-q78r https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ • CWE-834: Excessive Iteration •
CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0CVE-2021-39162 – Incorrect handling of H2 GOAWAY + SETTINGS frames
https://notcve.org/view.php?id=CVE-2021-39162
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted *upstream* servers. 0.15.1 contains an upgraded envoy binary with this vulnerability patched. If only trusted upstreams are configured, there is not substantial risk of this condition being triggered. Pomerium es un proxy de acceso de código abierto consciente de la identidad. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8 https://github.com/pomerium/pomerium/security/advisories/GHSA-gjcg-vrxg-xmgv https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32780 – Incorrect handling of H/2 GOAWAY followed by SETTINGS frames
https://notcve.org/view.php?id=CVE-2021-32780
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to DRAINING when it receives a SETTING frame with the SETTINGS_MAX_CONCURRENT_STREAMS parameter set to 0. Receiving these two frames in the same I/O event results in abnormal termination of the Envoy process due to invalid state transition from CLOSED to DRAINING. A sequence of H/2 frames delivered by an untrusted upstream server will result in Denial of Service in the presence of untrusted **upstream** servers. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8 https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-32781 – Continued processing of requests after locally generated response
https://notcve.org/view.php?id=CVE-2021-32781
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the internal buffer overflow while request or response is processed by the filter chain the operation may not be stopped completely and result in accessing a freed memory block. A specifically constructed request delivered by an untrusted downstream or upstream peer in the presence of extensions that modify and increase the size of request or response bodies resulting in a Denial of Service when using extensions that modify and increase the size of request or response bodies, such as decompressor filter. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to address incomplete termination of request processing after locally generated response. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-5vhv-gp9v-42qv https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history https://access.redhat.com/security/cve/CVE-2021-32781 https://bugzilla.redhat.com/show_bug.cgi?id=1996935 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-32779 – Incorrectly handling of URI '#fragment' element as part of the path element
https://notcve.org/view.php?id=CVE-2021-32779
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI '#fragment' element as part of the path element. Envoy is configured with an RBAC filter for authorization or similar mechanism with an explicit case of a final "/admin" path element, or is using a negative assertion with final path element of "/admin". The client sends request to "/app1/admin#foo". In Envoy prior to 1.18.0, or 1.18.0+ configured with path_normalization=false. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9 https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history https://access.redhat.com/security/cve/CVE-2021-32779 https://bugzilla.redhat.com/show_bug.cgi?id=1996934 • CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization CWE-697: Incorrect Comparison CWE-863: Incorrect Authorization •