CVSS Score 4.4 AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H, Medium
When a cluster is deleted via Cluster Discovery Service (CDS) all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle connections that can lead to stack exhaustion and abnormal process termination when a cluster has a large number of idle connections.
Impact
Infinite recursion causes Envoy crash.
Patches
Workarounds
Reduce the maximum number of connections in the cluster circuit breaker, considering that the 8 MB stack (default size on Linux) can only handle disconnecting fewer than 2K connections.
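To find clusters that need the workaround, the following added example (not part of the advisory or of Envoy's own code) checks the JSON form of cluster definitions for circuit breaker thresholds at or above the advisory's figure. It assumes "2K" means 2000, that clusters without a threshold use Envoy's default `max_connections` of 1024, and that the cluster list is exported from your control plane; the sample clusters are constructed.

```python
import json

ADVISORY_LIMIT = 2000   # assumption: the advisory's "2K" read as 2000
ENVOY_DEFAULT = 1024    # Envoy's default max_connections when unset
PRIORITIES = ("DEFAULT", "HIGH")

# Constructed sample: JSON form of three Cluster resources (names are made up).
SAMPLE_CLUSTERS = json.loads("""
[
  {"name": "payments",
   "circuit_breakers": {"thresholds": [{"max_connections": 10000}]}},
  {"name": "search"},
  {"name": "batch",
   "circuit_breakers": {"thresholds": [
     {"priority": "HIGH", "max_connections": 4096},
     {"priority": "DEFAULT", "max_connections": 512}]}}
]
""")


def audit_clusters(clusters, limit=ADVISORY_LIMIT):
    """Return (cluster, priority, max_connections) for each threshold >= limit."""
    findings = []
    for cluster in clusters:
        # Start from the defaults, then apply whatever thresholds are configured.
        effective = dict.fromkeys(PRIORITIES, ENVOY_DEFAULT)
        breakers = cluster.get("circuit_breakers") or {}
        for threshold in breakers.get("thresholds") or []:
            # An omitted priority means DEFAULT in the JSON encoding.
            priority = threshold.get("priority", "DEFAULT")
            effective[priority] = threshold.get("max_connections", ENVOY_DEFAULT)
        name = cluster.get("name", "<unnamed>")
        findings += [(name, p, effective[p]) for p in PRIORITIES
                     if effective[p] >= limit]
    return findings


if __name__ == "__main__":
    for name, priority, value in audit_clusters(SAMPLE_CLUSTERS):
        print(f"{name}: {priority} max_connections={value} "
              f"(advisory workaround: keep below {ADVISORY_LIMIT})")
```

Pass a lower `limit` if your Envoy worker threads run with a stack smaller than the 8 MB the advisory assumes.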
References
https://blog.envoyproxy.io
https://github.com/envoyproxy/envoy/releases
For more information
Open an issue in Envoy repo
Email us at envoy-security