PT-2026-60689 · Go · Github.Com/Envoyproxy/Ai-Gateway
CVE-2026-53717
·
Published
2026-07-16
·
Updated
2026-07-16
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Vulnerability report without repro case. Repro case may be added later after harness is complete.
Preconditions (4):
- Tenant can create EnvoyExtensionPolicy (baseline)
- Controller has egress to attacker-controlled OCI registry
- No registry allowlist (none exists in code)
- Layer presents Docker/OCI media type
Description
At imagefetcher.go:287, make([]byte, h.Size) uses the attacker-controlled tar-header size; the LimitReader at :278 bounds bytes read from the stream but not the header-declared size returned by tr.Next() (a 512-byte header can claim a multi-TB entry via PAX/GNU encoding). Reached from untrusted tenant input via EnvoyExtensionPolicy spec.wasm[].code.image.url (envoyextensionpolicy.go:1157 → cache.go:262/299 → imagefetcher.go:218 → :287), and the allocation happens for every tar entry regardless of filename. The resulting Go runtime OOM throw is unrecoverable and, because the CRD persists, crash-loops the shared controller — single-request, non-volumetric, cluster-wide DoS.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Github.Com/Envoyproxy/Ai-Gateway