CVE-2025-30157
MEDIUM6.5EPSS 0.04%Envoy crashes when HTTP ext_proc processes local replies
Description
### Summary Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the fail of a websocket handshake will trigger a local reply leading to the crash of Envoy. ### PoC If both websocket and ext_proc are enabled, a failed handshake will trigger a local reply, thus ext_proc will crash. ### Mitigation 1. Disable websocket traffic 2. Change the websocket response from backend to always return `101 Switch protocol` based on RFC. 3. Apply the patch and the ext_proc filter will not send the local reply that is generated by Envoy to the ext_proc server for processing. 4. Apply the patch that the router will cancel the upstream requests when sending a local reply. ### Impact Denial of service ### Reporter Vasilios Syrakis Fernando Cainelli
Affected packages (2)
- Bitnami/envoyfrom 0, < 1.30.10, >= 1.31.0, < 1.31.6, >= 1.32.0, < 1.32.4, >= 1.33.0, < 1.33.1
- Go/github.com/envoyproxy/envoyfrom 0, < 1.30.10
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |