Crash in URL parsing

High
mattklein123 published GHSA-fwwh-fc9w-9673 Sep 29, 2020

Package

Envoy

Affected versions

envoyproxy/envoy master between 2d69e30 and 3b5acb2

Patched versions

master that includes 3b5acb2

Description

Brief description

Envoy master between 2d69e30 and 3b5acb2 may fail to parse a request URL that requires host canonicalization.

CVSS

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5, High)

Affected version(s)

Envoy master between 2d69e30 and 3b5acb2

Affected component(s)

URL parser

Attack vector(s)

Use of an Internationalized Domain Name (IDN) that requires canonicalization (Punycode encoding, which converts Unicode characters to ASCII) as the host component of the request URL.

Discoverer(s)/Credits

Asra Ali (Google LLC), Dhi Aurrahman (Tetrate.io)

Details

Envoy master between 2d69e30 and 3b5acb2 may fail to parse a request URL that requires host canonicalization. Using an Internationalized Domain Name (IDN) as the host component of a request URL causes the URL parser library used by Envoy to perform Punycode encoding (converting Unicode characters to ASCII). Because the conversion data is not available, the conversion fails, which could result in executing code at a faulting address (segmentation fault).

Detection

Abnormal termination of the Envoy proxy process with the url::IDNToASCII() function at the top of the stack trace.
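
A triage sketch for the detection criterion above, added here as an example and not taken from the advisory or the Envoy project: it scans a log for crash backtraces and reports only those whose top frame (#0) is url::IDNToASCII(). The log line layout, the placeholder frame names and the sample log are constructed assumptions; adapt the patterns to your actual crash output.

```python
import re

# Constructed sample log. The layout is an assumption, not captured Envoy output.
SAMPLE_LOG = """\
[2020-09-01 10:00:01.120][17][info][main] starting main dispatch loop
[2020-09-01 10:02:13.481][23][critical][backtrace] Caught Segmentation fault, suspect faulting address 0x0
[2020-09-01 10:02:13.481][23][critical][backtrace] Backtrace:
[2020-09-01 10:02:13.482][23][critical][backtrace] #0: url::IDNToASCII() [0x0000aaaa]
[2020-09-01 10:02:13.482][23][critical][backtrace] #1: placeholder::caller_frame() [0x0000bbbb]
[2020-09-01 11:15:40.007][31][critical][backtrace] Caught Segmentation fault, suspect faulting address 0x10
[2020-09-01 11:15:40.008][31][critical][backtrace] #0: placeholder::other_frame() [0x0000cccc]
[2020-09-01 11:15:40.008][31][critical][backtrace] #1: url::IDNToASCII() [0x0000aaaa]
"""

# A stack frame line: "#<index>: <symbol>(" (assumed format).
FRAME_RE = re.compile(r"#(\d+):\s+(\S+?)\(")
# A crash report is assumed to start with a "Caught <signal>" line.
CRASH_MARKER = "Caught "


def find_idn_crashes(log_text, symbol="url::IDNToASCII"):
    """Return crash records whose top-of-stack frame (#0) is `symbol`.

    A crash where the symbol appears only deeper in the stack is not
    reported, matching the advisory's "top of the stack trace" wording.
    """
    crashes = []
    current = None
    for line in log_text.splitlines():
        if CRASH_MARKER in line:
            # New crash report: remember its header, top frame not yet seen.
            current = {"header": line, "top": None}
            crashes.append(current)
            continue
        match = FRAME_RE.search(line)
        if match and current is not None and current["top"] is None:
            if match.group(1) == "0":
                current["top"] = match.group(2)
    return [c for c in crashes if c["top"] == symbol]


if __name__ == "__main__":
    for crash in find_idn_crashes(SAMPLE_LOG):
        print("Matches advisory detection criterion:", crash["header"])
```
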

References

Severity

High

CVE ID

CVE-2020-25018

Weaknesses

No CWEs
