
Incomplete Cleanup

CVE-2023-35945

Severity High
Score 7.5/10

Summary

Envoy is a cloud-native, high-performance edge/middle/service proxy. Envoy's HTTP/2 codec may leak a header map and its bookkeeping structures when it receives an "RST_STREAM" frame immediately followed by an upstream server's "GOAWAY" frame. In nghttp2, the cleanup of pending requests triggered by receipt of the "GOAWAY" frame skips de-allocation of the bookkeeping structure and the pending compressed header: the error-return path is taken when the connection is already marked as not sending further requests because of the "GOAWAY" frame, and the clean-up code sits immediately after that return statement, so it never runs. The resulting memory leak enables Denial of Service (DoS) through memory exhaustion. This issue affects github.com/envoyproxy/envoy versions through 1.23.11, 1.24.0 through 1.24.8, 1.25.0 through 1.25.7, and 1.26.0 through 1.26.2. The related vulnerability in github.com/nghttp2/nghttp2 affects versions through v1.55.0.
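The defect class the summary describes, an error return placed before the cleanup it should have reached, is easy to reproduce in miniature. The following C program is an added, constructed illustration for this advisory and is not nghttp2's or Envoy's code; every identifier in it (conn_t, pending_item_t, submit_pending_leaky, submit_pending_fixed, live_after_goaway) is hypothetical. It keeps a counter of allocated bookkeeping records so the leak is observable, and shows the leaky control flow next to a single-exit-path fix in which every error after allocation still reaches the cleanup.

```c
/* Added, constructed illustration of the CWE-459 pattern in the advisory.
 * Names (conn_t, pending_item_t, submit_*) are hypothetical and are not
 * nghttp2's or Envoy's own identifiers. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    int goaway_received;  /* peer sent GOAWAY: no further requests may be opened */
    size_t live_items;    /* constructed counter of bookkeeping records still allocated */
} conn_t;

typedef struct {
    unsigned char *compressed_headers; /* stands in for the pending compressed header block */
    size_t len;
} pending_item_t;

static pending_item_t *item_new(conn_t *c, size_t len) {
    pending_item_t *it = malloc(sizeof *it);
    if (!it) return NULL;
    it->compressed_headers = malloc(len);
    if (!it->compressed_headers) { free(it); return NULL; }
    memset(it->compressed_headers, 0, len);
    it->len = len;
    c->live_items++;
    return it;
}

static void item_free(conn_t *c, pending_item_t *it) {
    free(it->compressed_headers);
    free(it);
    c->live_items--;
}

/* Leaky shape: the "already marked for no more requests" check returns before
 * the cleanup that sits right after it, the ordering the advisory describes. */
int submit_pending_leaky(conn_t *c, size_t hdr_len) {
    pending_item_t *it = item_new(c, hdr_len);
    if (!it) return -1;
    if (c->goaway_received) {
        return -2;             /* BUG: `it` and its header block are never released */
    }
    /* (transmission would happen here) */
    item_free(c, it);
    return 0;
}

/* Fixed shape: one exit path; every error after allocation reaches the cleanup. */
int submit_pending_fixed(conn_t *c, size_t hdr_len) {
    int rv = 0;
    pending_item_t *it = item_new(c, hdr_len);
    if (!it) return -1;
    if (c->goaway_received) {
        rv = -2;
        goto out;
    }
    /* (transmission would happen here) */
out:
    item_free(c, it);
    return rv;
}

/* Drives `n` submissions against a connection that has already received GOAWAY
 * and reports how many bookkeeping records remain allocated afterwards. */
size_t live_after_goaway(int (*submit)(conn_t *, size_t), size_t n) {
    conn_t c = { .goaway_received = 1, .live_items = 0 };
    for (size_t i = 0; i < n; i++) {
        (void)submit(&c, 64);
    }
    return c.live_items;
}
```

Running the leaky variant against a GOAWAY-marked connection leaves one record allocated per call, which is the growth an operator would see as steadily rising proxy memory; the fixed variant leaves none. In a real code base the same property is worth checking with a leak detector (for example AddressSanitizer's LeakSanitizer) on the error paths of any function that allocates before it validates connection state.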

  • Attack Complexity: LOW
  • Attack Vector: NETWORK
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • User Interaction: NONE
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: HIGH

CWE-459 - Incomplete Cleanup

The software does not properly "clean up" and remove temporary or supporting resources after they have been used.

Advisory Timeline

  • Published