Excessive Iteration
CVE-2021-39204
Summary
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions prior to 0.14.8 and 0.15.x prior to 0.15.1 contain an upgraded envoy binary with this vulnerability patched.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-834 - Excessive Iteration
The software performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.
References
Advisory Timeline
- Published