CVE-2024-30255 HTTP/2: CPU exhaustion due to CONTINUATION frame flood

Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited number of...

CVE-2024-30255

Envoy's HTTP/2 implementation is vulnerable to CPU exhaustion from a flood of CONTINUATION frames in versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8. The vulnerability lets an attacker send unlimited CONTINUATION frames without END_HEADERS, causing high CPU usage and potential denial of serv...