CVE-2021-32778
Excessive CPU utilization when closing HTTP/2 streams
Public Exploits: 0
Exploited in Wild: -
Descriptions
Envoy is an open source L7 proxy and communication bus designed for large modern service-oriented architectures. In affected versions, Envoy's procedure for resetting an HTTP/2 stream has O(N^2) complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are susceptible to Denial of Service when Envoy is configured with a high limit on H/2 concurrent streams. An attacker wishing to exploit this vulnerability would require a client opening and closing a large number of H/2 streams. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to reduce the time complexity of resetting HTTP/2 streams. As a workaround, users may limit the number of simultaneous HTTP/2 streams for upstream and downstream peers to a low number, i.e. 100.
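A defender-side check for the workaround described above, as an added example that is not part of the advisory or of Envoy itself: it walks an Envoy configuration (assumed here to be in JSON form) and reports every `http2_protocol_options` block whose `max_concurrent_streams` is unset or above 100. The sample configuration and the function name `audit_h2_limits` are constructed for illustration.

```python
import json

WORKAROUND_LIMIT = 100  # the "low number" the description suggests

# Constructed sample bootstrap fragment (JSON form of an Envoy config).
SAMPLE_CONFIG = json.loads("""
{
  "static_resources": {
    "listeners": [{
      "name": "ingress",
      "filter_chains": [{"filters": [{
        "name": "envoy.filters.network.http_connection_manager",
        "typed_config": {
          "http2_protocol_options": {"max_concurrent_streams": 100000}
        }
      }]}]
    }],
    "clusters": [
      {"name": "backend_a", "http2_protocol_options": {}},
      {"name": "backend_b",
       "http2_protocol_options": {"max_concurrent_streams": 100}}
    ]
  }
}
""")


def audit_h2_limits(node, limit=WORKAROUND_LIMIT, path="$"):
    """Return (path, value) for each http2_protocol_options block whose
    max_concurrent_streams is unset (None) or above `limit`."""
    findings = []
    if isinstance(node, dict):
        for key, child in node.items():
            child_path = f"{path}.{key}"
            if key == "http2_protocol_options" and isinstance(child, dict):
                value = child.get("max_concurrent_streams")
                # Unset means Envoy's own default applies, so flag it for review.
                if value is None or int(value) > limit:
                    findings.append((child_path, value))
            findings.extend(audit_h2_limits(child, limit, child_path))
    elif isinstance(node, list):
        for i, child in enumerate(node):
            findings.extend(audit_h2_limits(child, limit, f"{path}[{i}]"))
    return findings


if __name__ == "__main__":
    for where, value in audit_h2_limits(SAMPLE_CONFIG):
        print(f"{where}: max_concurrent_streams={value!r}")
```

The check only sees blocks that are present in the file; a connection manager or cluster that speaks HTTP/2 without any `http2_protocol_options` block also needs a manual look.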
Timeline
- 2021-05-12 CVE Reserved
- 2021-08-24 CVE Published
- 2024-05-09 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-834: Excessive Iteration
References (2)
URL | Tag | Source |
---|---|---|
https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc | Third Party Advisory |

URL | Date | SRC |
---|---|---|
https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history | 2022-06-15 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Envoyproxy | Envoy | >= 1.16.0 < 1.16.5 | - | Affected |
Envoyproxy | Envoy | >= 1.17.0 < 1.17.4 | - | Affected |
Envoyproxy | Envoy | >= 1.18.0 < 1.18.4 | - | Affected |
Envoyproxy | Envoy | 1.19.0 | - | Affected |