CVE-2021-39204
Severity: HIGH 7.5 | EPSS 0.41% | Excessive CPU usage
Description
Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset.

### Impact
This can result in a DoS condition.

### Patches
Pomerium versions 0.14.8 and 0.15.1 contain an upgraded Envoy binary with this vulnerability patched.

### Workarounds
N/A

### References
- [envoy GSA](https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc)
- [envoy CVE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32778)
- [envoy announcement](https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ)

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [pomerium/pomerium](https://github.com/pomerium/pomerium/issues)
* Email us at [[email protected]](mailto:[email protected])
Affected packages (2)
- Bitnami/envoy: from 0, < 1.16.5; >= 1.17.0, < 1.17.4; >= 1.18.0, < 1.18.4; >= 1.19.0, < 1.19.1
- Go/github.com/pomerium/pomerium: from 0, < 0.14.8
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Reference links (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2021-39204
- PATCH: https://github.com/pomerium/pomerium
- WEB: https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc
- WEB: https://github.com/pomerium/pomerium/security/advisories/GHSA-5wjf-62hw-q78r
- WEB: https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ