Envoy · Envoy · CVE-2021-32780
**Name of the Vulnerable Software and Affected Versions**
Envoy versions prior to 1.18.4
Envoy versions prior to 1.19.1
**Description**
Envoy is an open source L7 proxy and communication bus designed for large modern service-oriented architectures. In affected versions, Envoy transitions an H/2 connection to the CLOSED state when it receives a GOAWAY frame while no streams are outstanding, and to the DRAINING state when it receives a SETTINGS frame with the `SETTINGS_MAX_CONCURRENT_STREAMS` parameter set to 0. If a GOAWAY frame and such a SETTINGS frame arrive in the same I/O event, the SETTINGS frame is still processed after the connection has already moved to CLOSED; the resulting CLOSED to DRAINING transition is invalid and terminates the Envoy process abnormally. An untrusted upstream server can therefore cause a denial of service of the Envoy process simply by sending this two-frame sequence.
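The following is an added example, not code from Envoy or from the advisory. It encodes the two frames named above exactly as RFC 7540 lays them out (a GOAWAY followed by a SETTINGS frame carrying `SETTINGS_MAX_CONCURRENT_STREAMS = 0`), delivers them as one buffer the way a single I/O event would, and runs them through a deliberately simplified connection state machine. That state machine (`UpstreamConnection`, `State`, `InvalidTransition`) is an assumption made for illustration and is not Envoy's implementation; the `stop_after_close` flag models the difference between the vulnerable behaviour and the fix, which stops processing pending frames once the connection is CLOSED.

```python
import struct
from enum import Enum

# Frame types and the SETTINGS identifier involved, per RFC 7540.
FRAME_SETTINGS = 0x4
FRAME_GOAWAY = 0x7
SETTINGS_MAX_CONCURRENT_STREAMS = 0x3
NO_ERROR = 0x0


def h2_frame(frame_type, flags, stream_id, payload):
    """Encode one frame: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id, payload."""
    header = struct.pack(">I", len(payload))[1:]  # low 3 bytes of the length
    header += bytes([frame_type, flags]) + struct.pack(">I", stream_id & 0x7FFFFFFF)
    return header + payload


def goaway_frame(last_stream_id=0, error_code=NO_ERROR):
    """GOAWAY on stream 0: last-stream-id and error code, no debug data."""
    return h2_frame(FRAME_GOAWAY, 0, 0, struct.pack(">II", last_stream_id, error_code))


def settings_frame(settings):
    """SETTINGS on stream 0: a list of (16-bit identifier, 32-bit value) pairs."""
    payload = b"".join(struct.pack(">HI", ident, value) for ident, value in settings)
    return h2_frame(FRAME_SETTINGS, 0, 0, payload)


def parse_frames(buf):
    """Split a received buffer into (type, flags, stream_id, payload) tuples."""
    frames, off = [], 0
    while off + 9 <= len(buf):
        length = int.from_bytes(buf[off:off + 3], "big")
        ftype, flags = buf[off + 3], buf[off + 4]
        stream_id = int.from_bytes(buf[off + 5:off + 9], "big") & 0x7FFFFFFF
        payload = buf[off + 9:off + 9 + length]
        if len(payload) != length:
            raise ValueError("truncated frame")
        frames.append((ftype, flags, stream_id, payload))
        off += 9 + length
    return frames


class State(Enum):
    OPEN = "OPEN"
    DRAINING = "DRAINING"
    CLOSED = "CLOSED"


class InvalidTransition(Exception):
    """Stands in for the abnormal process termination the advisory describes."""


class UpstreamConnection:
    """Simplified H/2 connection model (an assumption for this example, not Envoy's code).

    stop_after_close=False reproduces the vulnerable behaviour; True models the fix:
    frames still pending in the same I/O event are not processed once CLOSED.
    """

    def __init__(self, stop_after_close, outstanding_streams=0):
        self.state = State.OPEN
        self.outstanding_streams = outstanding_streams
        self.stop_after_close = stop_after_close

    def _transition(self, new_state):
        if self.state is State.CLOSED and new_state is State.DRAINING:
            raise InvalidTransition(f"{self.state.value} -> {new_state.value}")
        self.state = new_state

    def on_goaway(self):
        # GOAWAY with nothing outstanding: the connection closes immediately.
        if self.outstanding_streams == 0:
            self._transition(State.CLOSED)

    def on_settings(self, payload):
        for i in range(0, len(payload), 6):
            ident, value = struct.unpack(">HI", payload[i:i + 6])
            if ident == SETTINGS_MAX_CONCURRENT_STREAMS and value == 0:
                # Peer refuses new streams: drain the connection.
                self._transition(State.DRAINING)

    def on_io_event(self, buf):
        """Dispatch every frame that arrived in one read, as a single I/O event would."""
        for ftype, _flags, _sid, payload in parse_frames(buf):
            if self.stop_after_close and self.state is State.CLOSED:
                break  # the fix: nothing further is processed on a CLOSED connection
            if ftype == FRAME_GOAWAY:
                self.on_goaway()
            elif ftype == FRAME_SETTINGS:
                self.on_settings(payload)
        return self.state


def crashing_sequence():
    """The two frames from the advisory, back to back in one buffer (constructed input)."""
    return goaway_frame() + settings_frame([(SETTINGS_MAX_CONCURRENT_STREAMS, 0)])


def run(stop_after_close):
    """Return the final state name, or 'CRASH' if the model hit the invalid transition."""
    conn = UpstreamConnection(stop_after_close=stop_after_close)
    try:
        return conn.on_io_event(crashing_sequence()).value
    except InvalidTransition:
        return "CRASH"


if __name__ == "__main__":
    print("vulnerable:", run(stop_after_close=False))  # CRASH
    print("fixed:     ", run(stop_after_close=True))   # CLOSED
```

Note the precondition the advisory states: the GOAWAY only moves the connection to CLOSED when no streams are outstanding. With an outstanding stream the same buffer merely drains the connection, which is why the model exposes `outstanding_streams` as a parameter.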
**Recommendations**
For versions prior to 1.18.4, update to version 1.18.4 or later to stop processing of pending H/2 frames after connection transition to the CLOSED state.
For versions prior to 1.19.1, update to version 1.19.1 or later to stop processing of pending H/2 frames after connection transition to the CLOSED state.
As a temporary workaround, restrict the set of upstream servers Envoy connects to so that untrusted upstreams are excluded; the frame sequence has to come from an upstream peer, so removing untrusted upstreams removes the source of the trigger.