
Antonio Vicente

Researcher from Google LLC
#18027 of 53,633
15 Total CVSS
Vulnerabilities · 2
High
2
PT-2020-13162
7.5
2020-07-01
Envoy · Envoy · CVE-2020-12603
**Name of the Vulnerable Software and Affected Versions**
Envoy versions 1.14.2, 1.13.2, 1.12.4 or earlier

**Description**
The issue is related to excessive memory consumption when proxying HTTP/2 requests or responses with many small data frames. This occurs when the software handles a large number of 1-byte data frames.

**Recommendations**
For Envoy versions 1.14.2, 1.13.2, 1.12.4 or earlier, consider updating to a version that includes a fix for this issue to prevent excessive memory consumption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2020-13164
7.5
2020-07-01
Envoy · Envoy · CVE-2020-12605
**Name of the Vulnerable Software and Affected Versions**
Envoy versions 1.14.2, 1.13.2, 1.12.4 or earlier

**Description**
The issue is related to excessive memory consumption when processing HTTP/1.1 headers with long field names or requests with long URLs.

**Recommendations**
For Envoy versions 1.14.2, 1.13.2, 1.12.4 or earlier, consider restricting the length of HTTP/1.1 headers and URLs to minimize the risk of excessive memory consumption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.