CVE-2021-39204 - OpenCVE

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions 0.14.8 and 0.15.1 contain an upgraded envoy binary with this vulnerability patched.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Envoyproxy	Envoy
Pomerium	Pomerium

Configuration 1 [-]

OR	cpe:2.3:a:envoyproxy:envoy::::::::
	cpe:2.3:a:envoyproxy:envoy::::::::
	cpe:2.3:a:envoyproxy:envoy::::::::
	cpe:2.3:a:envoyproxy:envoy:1.19.0:::::::*
	cpe:2.3:a:pomerium:pomerium::::::::
	cpe:2.3:a:pomerium:pomerium:0.15.0:::::::*

References

Link	Resource
https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc	Third Party Advisory
https://github.com/pomerium/pomerium/security/advisories/GHSA-5wjf-62hw-q78r	Third Party Advisory
https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ	Not Applicable

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-09-09T22:10:09

Updated: 2021-09-09T22:10:09

Reserved: 2021-08-16T00:00:00

Link: CVE-2021-39204

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-09T22:15:09.773

Modified: 2021-09-27T18:30:56.377

Link: CVE-2021-39204

JSON object: View

Redhat Information

No data.

CWE

CWE-834

{"containers": {"cna": {"affected": [{"product": "pomerium", "vendor": "pomerium", "versions": [{"status": "affected", "version": "< 0.14.8"}, {"status": "affected", "version": ">= 0.15.0, < 0.15.1"}]}], "descriptions": [{"lang": "en", "value": "Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions 0.14.8 and 0.15.1 contain an upgraded envoy binary with this vulnerability patched."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-834", "description": "CWE-834: Excessive Iteration", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-09T22:10:09", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-5wjf-62hw-q78r"}], "source": {"advisory": "GHSA-5wjf-62hw-q78r", "discovery": "UNKNOWN"}, "title": "Excessive CPU usage in Pomerium", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-39204", "STATE": "PUBLIC", "TITLE": "Excessive CPU usage in Pomerium"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "pomerium", "version": {"version_data": [{"version_value": "< 0.14.8"}, {"version_value": ">= 0.15.0, < 0.15.1"}]}}]}, "vendor_name": "pomerium"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions 0.14.8 and 0.15.1 contain an upgraded envoy binary with this vulnerability patched."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-834: Excessive Iteration"}]}]}, "references": {"reference_data": [{"name": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ", "refsource": "MISC", "url": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ"}, {"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc", "refsource": "MISC", "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc"}, {"name": "https://github.com/pomerium/pomerium/security/advisories/GHSA-5wjf-62hw-q78r", "refsource": "CONFIRM", "url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-5wjf-62hw-q78r"}]}, "source": {"advisory": "GHSA-5wjf-62hw-q78r", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-39204", "datePublished": "2021-09-09T22:10:09", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2021-09-09T22:10:09", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FA474E1-2F0F-44D7-938F-40EE9DB5C230", "versionEndIncluding": "1.16.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "83547329-1394-417F-93DB-70C1A9D173B0", "versionEndExcluding": "1.17.4", "versionStartIncluding": "1.17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7376E28-9915-4CA1-A5DB-40874D10E781", "versionEndExcluding": "1.18.4", "versionStartIncluding": "1.18.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:envoyproxy:envoy:1.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "1968AA35-60E2-4A00-84A0-617738B55D33", "vulnerable": true}, {"criteria": "cpe:2.3:a:pomerium:pomerium:*:*:*:*:*:*:*:*", "matchCriteriaId": "2793176B-E77A-4393-BFE5-15100D2E80FD", "versionEndExcluding": "0.14.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:pomerium:pomerium:0.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "B0082414-BE21-4DDC-8B84-5DC9F9BAE8E3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions 0.14.8 and 0.15.1 contain an upgraded envoy binary with this vulnerability patched."}, {"lang": "es", "value": "Pomerium es un proxy de acceso de c\u00f3digo abierto consciente de la identidad. Envoy, en el que es basado Pomerium, maneja inapropiadamente el restablecimiento de los flujos HTTP/2 con una complejidad excesiva. Esto puede conllevar a un alto uso de la CPU cuando es restablecido un gran n\u00famero de flujos. Esto puede resultar en una condici\u00f3n de DoS. Las versiones 0.14.8 y 0.15.1 de Pomerium contienen un binario envoy actualizado con esta vulnerabilidad parcheada"}], "id": "CVE-2021-39204", "lastModified": "2021-09-27T18:30:56.377", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Primary"}]}, "published": "2021-09-09T22:15:09.773", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xh3-33v5-chcc"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/pomerium/pomerium/security/advisories/GHSA-5wjf-62hw-q78r"}, {"source": "security-advisories@github.com", "tags": ["Not Applicable"], "url": "https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-834"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-834"}], "source": "security-advisories@github.com", "type": "Secondary"}]}