How severe is CVE-2021-32778?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2021-32778?

This is classified as CWE-834, which is a common weakness in software security.

CVE-2021-32778 - HIGH Severity | CVSS 7.5

Vulnerability Description

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy’s procedure for resetting a HTTP/2 stream has O(N^2) complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are susceptible to Denial of Service when Envoy is configured with high limit on H/2 concurrent streams. An attacker wishing to exploit this vulnerability would require a client opening and closing a large number of H/2 streams. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to reduce time complexity of resetting HTTP/2 streams. As a workaround users may limit the number of simultaneous HTTP/2 dreams for upstream and downstream peers to a low number, i.e. 100.

Related Vulnerabilities

CVE-2017-11188

HIGH

CVSS:7.5(High)

The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check.

CWE-8342017

CVE-2017-11409

HIGH

CVSS:7.5(High)

In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type.

CWE-8342017

CVE-2018-11813

HIGH

CVSS:7.5(High)

libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.

CWE-8342018

CVE-2018-14342

HIGH

CVSS:7.5(High)

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute...

CWE-8342018

CVE-2018-7321

HIGH

CVSS:7.5(High)

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type.

CWE-8342018

CVE-2018-7323

HIGH

CVSS:7.5(High)

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing.

CWE-8342018