Crash in proxy protocol when command type of LOCAL

High

phlax published GHSA-4h5x-x9vh-m29j

Feb 9, 2024

Package

Envoy Proxy (Envoy)

Affected versions

<1.29.1

Patched versions

1.29.1, 1.28.1, 1.27.3, 1.26.7

Description

Summary

When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header.

Details

This occurs when the downstream request has a command type of LOCAL and does not have the protocol block.

Impact

Denial of Service

Credits

Jacob Taylor me@jacobtaylor.id.au

Severity

High

7.5

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H