Wenlei He

**Name of the Vulnerable Software and Affected Versions** Envoy versions 1.14.2, 1.13.2, 1.12.4 or earlier **Description** The issue is related to excessive memory consumption when proxying HTTP/2 requests or responses with many small data frames. This occurs when the software handles a large number of 1-byte data frames. **Recommendations** For Envoy versions 1.14.2, 1.13.2, 1.12.4 or earlier, consider updating to a version that includes a fix for this issue to prevent excessive memory consumption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CNCF Envoy versions 1.13.0 and earlier **Description** The issue is related to excessive memory consumption when proxying HTTP/1.1 requests or responses with many small chunks. This can be exploited by a remote attacker to cause a denial of service. The problem is associated with an uncontrolled resource consumption in the Envoy network software. **Recommendations** For versions 1.13.0 and earlier, consider updating to a version that fixes the memory consumption issue to prevent potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.