CVE-2021-32780
Incorrect handling of H/2 GOAWAY followed by SETTINGS frames
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to DRAINING when it receives a SETTING frame with the SETTINGS_MAX_CONCURRENT_STREAMS parameter set to 0. Receiving these two frames in the same I/O event results in abnormal termination of the Envoy process due to invalid state transition from CLOSED to DRAINING. A sequence of H/2 frames delivered by an untrusted upstream server will result in Denial of Service in the presence of untrusted **upstream** servers. Envoy versions 1.19.1, 1.18.4 contain fixes to stop processing of pending H/2 frames after connection transition to the CLOSED state.
Envoy es un proxy L7 de código abierto y un bus de comunicación diseñado para grandes arquitecturas modernas orientadas a servicios. En las versiones afectadas, Envoy lleva a cabo una transición de una conexión H/2 al estado CLOSED cuando recibe una trama GOAWAY sin ningún flujo pendiente. El estado de la conexión pasa a DRAINING cuando recibe una trama SETTING con el parámetro SETTINGS_MAX_CONCURRENT_STREAMS ajustado a 0. Recibiendo estas dos tramas en el mismo evento de E/S resulta en una terminación anormal del proceso Envoy debido a una transición de estado no válida de CLOSED a DRAINING. Una secuencia de tramas H/2 entregada por un servidor upstream no confiable resultará en una Denegación de Servicio en presencia de servidores **upstream** no confiables. Envoy versiones 1.19.1 y 1.18.4, contienen correcciones para detener el procesamiento de las tramas H/2 pendientes después de la transición de la conexión al estado CLOSED.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-05-12 CVE Reserved
- 2021-08-24 CVE Published
- 2024-05-09 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-754: Improper Check for Unusual or Exceptional Conditions
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history | 2022-06-15 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Envoyproxy Search vendor "Envoyproxy" | Envoy Search vendor "Envoyproxy" for product "Envoy" | >= 1.18.0 < 1.18.4 Search vendor "Envoyproxy" for product "Envoy" and version " >= 1.18.0 < 1.18.4" | - |
Affected
| ||||||
Envoyproxy Search vendor "Envoyproxy" | Envoy Search vendor "Envoyproxy" for product "Envoy" | 1.19.0 Search vendor "Envoyproxy" for product "Envoy" and version "1.19.0" | - |
Affected
|