We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Remotely exploitable crash in Envoy's HTTP2 Metadata, when an empty METADATA map is sent.
Denial of service.
Do not enable HTTP2 Metadata frame support.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25303
A remote attacker can send an HTTP2 request with a METADATA frame containing empty METADATA map causing a Envoy to crash.
Brief Description
Remotely exploitable crash in Envoy's HTTP2 Metadata, when an empty METADATA map is sent.
Impact
Denial of service.
Mitigation
Do not enable HTTP2 Metadata frame support.
References
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25303
Attack vector(s)
A remote attacker can send an HTTP2 request with a METADATA frame containing empty METADATA map causing a Envoy to crash.