Yanavlasov

**Name of the Vulnerable Software and Affected Versions** Envoy versions prior to 1.23.11 Envoy versions prior to 1.24.9 Envoy versions prior to 1.25.8 Envoy versions prior to 1.26.3 **Description** Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return code path is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. This can lead to denial of service through memory exhaustion. **Recommendations** For versions prior to 1.23.11, update to version 1.23.11 or later. For versions prior to 1.24.9, update to version 1.24.9 or later. For versions prior to 1.25.8, update to version 1.25.8 or later. For versions prior to 1.26.3, update to version 1.26.3 or later.