PT-2022-3386 · Envoy · Envoy

Shachar Menashe · Published 2022-06-09 · Updated 2024-03-06 · CVE-2022-29225

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.22.1
Description: The issue lies in the decompressor component of the Envoy proxy, which inflates compressed request and response bodies on the decode (request) and encode (response) paths and can be driven into uncontrolled resource consumption. An attacker exploits it by sending a small, highly compressed body (a zip bomb) that expands to many times its wire size when the proxy inflates it, exhausting system memory and causing a denial of service. The payload is not a zip archive but a compressed HTTP body; it is delivered over the network and requires no authentication, so any client that can reach a listener on which decompression is enabled can trigger the condition.
Recommendations: For versions prior to 1.22.1, users are advised to upgrade to 1.22.1 or a later release, which resolves the issue. Users who cannot upgrade should disable decompression (remove or disable the decompressor filter on affected listeners) as a temporary workaround until they can.
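The mechanism described above, as an added example that is not Envoy's code: a gzip body constructed inline that inflates roughly a thousandfold is run through an unbounded inflater (the vulnerable behaviour) and through one that aborts as soon as the output exceeds a configurable inflate ratio, which is the kind of bound a proxy decompressor needs. The ratio of 100, the 64 KiB chunk size and the sample bodies are assumptions chosen for the example, not settings taken from this page.

```python
"""Decompression bomb against an unbounded inflater versus a ratio-capped one.

Added example; not Envoy's code. The payloads below are constructed inline so
the script runs offline.
"""
import gzip
import zlib

# DEFLATE tops out near 1032:1 on long runs of identical bytes, so a stream
# of zeros is the simplest zip bomb: ~16 KiB on the wire, 16 MiB once inflated.
INFLATED_SIZE = 16 * 1024 * 1024
BOMB = gzip.compress(b"\0" * INFLATED_SIZE, compresslevel=9)   # constructed bomb

# A realistic, modestly compressible body for comparison (constructed).
LEGIT_PLAINTEXT = (b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n"
                   b"Accept: */*\r\n\r\n") * 20
LEGIT_BODY = gzip.compress(LEGIT_PLAINTEXT)


class InflateRatioExceeded(Exception):
    """Raised when inflated output exceeds max_inflate_ratio * wire size."""


def inflate_unbounded(body: bytes) -> int:
    """The vulnerable shape: inflate the whole body into memory, however large.

    Returns the inflated size; the memory cost is chosen by the sender.
    """
    return len(gzip.decompress(body))


def compression_ratio(body: bytes) -> float:
    """Inflated bytes per compressed byte, measured with the unbounded path."""
    return inflate_unbounded(body) / len(body)


def inflate_bounded(body: bytes, max_inflate_ratio: int = 100,
                    chunk: int = 64 * 1024) -> int:
    """Inflate incrementally and abort once output passes the ratio cap.

    The cap ties memory use to the size of the request actually received:
    at most max_inflate_ratio * len(body) bytes (plus one chunk of overshoot)
    are ever produced, whatever the stream would expand to.
    """
    limit = max_inflate_ratio * len(body)
    # wbits=31 selects gzip framing (16 + MAX_WBITS); chunk bounds each call.
    d = zlib.decompressobj(wbits=31)
    produced = 0
    pending = body
    while not d.eof:
        out = d.decompress(pending, chunk)
        pending = d.unconsumed_tail          # input zlib has not consumed yet
        if not out and not pending:
            raise ValueError("truncated gzip stream")
        produced += len(out)
        if produced > limit:
            raise InflateRatioExceeded(
                f"{produced} bytes inflated from {len(body)} wire bytes "
                f"exceeds max_inflate_ratio={max_inflate_ratio}")
    return produced


if __name__ == "__main__":
    print(f"bomb: {len(BOMB)} bytes on the wire, "
          f"ratio {compression_ratio(BOMB):.0f}:1")
    print(f"legitimate body: ratio {compression_ratio(LEGIT_BODY):.0f}:1, "
          f"bounded inflate -> {inflate_bounded(LEGIT_BODY)} bytes")
    try:
        inflate_bounded(BOMB)
    except InflateRatioExceeded as exc:
        print(f"bomb rejected: {exc}")
```

Running it directly prints the wire size and ratio of each body; the bounded path stops the bomb after a fixed multiple of the request's own size, so memory is governed by what was received rather than by what the attacker chose to encode. The cap has to be tuned to the traffic: highly repetitive but legitimate content (large JSON with repeated keys, for instance) can exceed 100:1, so a cap that is too low turns into a self-inflicted denial of service.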

Tags: Exploit · Fix · DoS · Resource Exhaustion

Related Identifiers

BDU:2022-04157
BIT-ENVOY-2022-29225
CVE-2022-29225
GHSA-75HV-2JJJ-89HH
RHSA-2022:5003
RHSA-2022:5004

Affected Products

Envoy