Vulnerability Details : CVE-2021-39162
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted *upstream* servers. 0.15.1 contains an upgraded envoy binary with this vulnerability patched. If only trusted upstreams are configured, there is not substantial risk of this condition being triggered.
Vulnerability category: Denial of service
Products affected by CVE-2021-39162
- cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*
- cpe:2.3:a:envoyproxy:envoy:1.19.0:*:*:*:*:*:*:*
- cpe:2.3:a:pomerium:pomerium:0.15.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-39162
0.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 57 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-39162
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
8.6
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
3.9
|
4.0
|
NIST | |
8.6
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
3.9
|
4.0
|
GitHub, Inc. |
CWE ids for CVE-2021-39162
-
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.Assigned by: security-advisories@github.com (Primary)
References for CVE-2021-39162
-
https://github.com/pomerium/pomerium/security/advisories/GHSA-gjcg-vrxg-xmgv
Incorrect handling of H2 GOAWAY + SETTINGS frames · Advisory · pomerium/pomerium · GitHubThird Party Advisory
-
https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE/m/wD05NZBbAgAJ
Security releases of Envoy 1.19.1, 1.18.4, 1.17.4, and 1.16.5 are now availableNot Applicable;Third Party Advisory
-
https://github.com/envoyproxy/envoy/security/advisories/GHSA-j374-mjrw-vvp8
Incorrect handling of H/2 GOAWAY followed by SETTINGS frames · Advisory · envoyproxy/envoy · GitHubThird Party Advisory
Jump to