Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Crash when a cluster is deleted in Envoy
Vulnerability Description
Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS) all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle connections that can lead to stack exhaustion and abnormal process termination when a cluster has a large number of idle connections. This infinite recursion causes Envoy to crash. Users are advised to upgrade.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未经控制的递归
Vulnerability Title
Envoy 安全漏洞
Vulnerability Description
Envoy是一款开源的分布式代理服务器。 Envoy 存在安全漏洞,该漏洞源于当通过集群发现服务 (CDS) 删除集群时,与该集群中的端点建立的所有空闲连接都将断开连接。 在断开空闲连接的过程中引入了递归,当集群有大量空闲连接时,可能导致堆栈耗尽和进程异常终止。 这种无限递归导致 Envoy 崩溃。 建议用户升级。
CVSS Information
N/A
Vulnerability Type
N/A