CVE-2024-30255 This repository contains a proof-of-concept (PoC) Python script to demonstrate the CPU exhaustion vulnerability in Envoy caused by a flood of CONTINUATION frames.# Envoy CPU Exhaustion Vulnerability PoC
This repository contains a proof-of-concept (PoC) Python script to demonstrate the CPU exhaustion vulnerability in Envoy caused
by a flood of CONTINUATION frames. Author: blackmagic 2024
## Description
Envoy is a cloud-native, open-source edge and service proxy designed for modern cloud-native applications. However, versions prior to
1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to a flood of CONTINUATION frames.
The HTTP/2 codec in Envoy allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits.
This PoC script sends a large number of CONTINUATION frames with a payload to simulate the vulnerability and exhaust the CPU resources of the
target Envoy server.
## Usage
- Clone the repository:
```bash
git clone https://github.com/blackmagic2023/Envoy-CPU-Exhaustion-Vulnerability-PoC.git
```
- Navigate to the repository directory:
```bash
cd Envoy-CPU-Exhaustion-Vulnerability-PoC
```
- Modify the script as needed, including the TARGET_HOST, TARGET_PORT, NUM_CONTINUATION_FRAMES, and CONTINUATION_PAYLOAD variables
according to your testing environment.
- Run the Python script:
```bash
python3 envoyPOC.py
```
## Disclaimer
This PoC script is provided for educational and research purposes only. Do not use this script for any illegal activities.
Running this script against a production Envoy server without authorization may be illegal and unethical. Use it responsibly
and only on systems you own or have explicit permission to test.
[4.0K] /data/pocs/bfd7bb785adcbd8a2b5ddccd101ee6057c16ed49
├── [1.2K] envoyPOC.py
└── [1.5K] README.md
0 directories, 2 files