Denial of Service Vulnerability in Envoy Proxy – CVE-2022-29225
Blog post from JFrog
JFrog Security Research discovered a denial of service (DoS) vulnerability, CVE-2022-29225, in Envoy Proxy, an open-source edge and service proxy server, which can crash the server by exhausting memory through Brotli decompression without output buffer size limits. This vulnerability, allowing attackers to use a Brotli Zip Bomb to degrade performance or crash the Envoy process, was responsibly disclosed and has been fixed in Envoy versions 1.19.5, 1.20.4, 1.21.3, and 1.22.1. While JFrog's DevOps platform is not vulnerable to this issue, users of Envoy who cannot upgrade are advised to disable Brotli decompression as a workaround. JFrog also provides automated security scanning with JFrog Xray to help developers identify vulnerable Envoy configurations.
No tracked trend matches for this post yet.
Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.