7.5

CVE-2026-47774

Exploit

Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentially resulting in OOM termination of the Envoy process and denial of service. The issue arises from the combination of two behaviors. First, cookie header bytes are not fully accounted for during request header size validation in Envoy. Second, HPACK header block limits in oghttp2/quiche are enforced on encoded bytes without a corresponding limit on total decoded header size. Together, these behaviors allow a malicious client to cause large decoded header allocations while bypassing the intended request header size protections. Versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1 contain a fix. No complete workaround is known short of applying a fix. Possible temporary mitigations include disabling downstream HTTP/2 where operationally feasible; enforcing stricter request header and cookie limits before traffic reaches Envoy; and monitoring Envoy memory usage for abnormal growth under HTTP/2 traffic.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
EnvoyproxyEnvoy Version < 1.35.11
EnvoyproxyEnvoy Version >= 1.36.0 < 1.36.7
EnvoyproxyEnvoy Version >= 1.37.0 < 1.37.3
EnvoyproxyEnvoy Version1.38.0
RedhatOpenshift Service Mesh Version >= 2.6 < 2.6.17
RedhatOpenshift Service Mesh Version >= 3.0 < 3.0.12
RedhatOpenshift Service Mesh Version >= 3.1 < 3.1.9
RedhatOpenshift Service Mesh Version >= 3.2 < 3.2.6
RedhatOpenshift Service Mesh Version >= 3.3 < 3.3.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.82% 0.527
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-advisories@github.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-405 Asymmetric Resource Consumption (Amplification)

The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric."

CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)

The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

https://github.com/envoyproxy/envoy/security/advisories/GHSA-22m2-hvr2-xqc8
Vendor Advisory
Mitigation
http://www.openwall.com/lists/oss-security/2026/06/04/15
Third Party Advisory
Mailing List
Mitigation
https://access.redhat.com/errata/RHSA-2026:27114
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:26210
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:26222
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:26231
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:26247
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2026-47774
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2487465
Third Party Advisory
Exploit
Issue Tracking
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-47774.json
Third Party Advisory