Vulnerability type
Uncontrolled Resource Consumption
Attack type
Remote
Impact
Denial-of-service, Resource consumption (memory)
Discoverer(s)/Credits
Piotr Sikora (Google LLC)
Description
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections. Large numbers of connections may be opened against Envoy, with no data sent, causing Envoy to eventually run out of file descriptors and crash.
Vulnerability type
Uncontrolled Resource Consumption
Attack type
Remote
Impact
Denial-of-service, Resource consumption (memory)
Discoverer(s)/Credits
Piotr Sikora (Google LLC)
Description
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections. Large numbers of connections may be opened against Envoy, with no data sent, causing Envoy to eventually run out of file descriptors and crash.