PT-2026-60688 · Go · Github.Com/Envoyproxy/Ai-Gateway

CVE-2026-53716

·

Publicado

2026-07-16

·

Atualizado

2026-07-16

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability report without repro case. Repro case may be added later after harness is complete.
Preconditions (4):
  • Tenant can create EnvoyExtensionPolicy (baseline)
  • Attacker hosts a gzip-bomb at a reachable URL
  • sha256 unset (optional field; check is post-decompression anyway)
  • No operator Wasm-URL allowlist (none exists in code)
Description
getFileFromGZ calls io.ReadAll on a raw gzip.Reader (httpfetcher.go:216) with no output bound, while the compressed input is capped at 256 MiB (httpfetcher.go:139). The bytes originate from a tenant-controlled EnvoyExtensionPolicy.spec.wasm[].code.http.url (envoyextensionpolicy.go:1077 → cache.go:248 → httpfetcher.go:147 → :233), so an untrusted tenant can point at a ~10 MiB gzip-of-zeros and force ~10 GiB allocation in the shared controller process. All candidate guards execute either before the body is buffered or after decompression. OOM-kills, restarts, re-reconciles same CR, crash-loops — persistent cross-tenant control-plane outage with PR:L/AC:L and scope change → HIGH despite availability-only.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-53716
GHSA-CXPQ-8V7Q-CG56

Produtos afetados

Github.Com/Envoyproxy/Ai-Gateway