Description
Pomerium is an open source identity-aware access proxy. Envoy, on which Pomerium is based, incorrectly handles the resetting of HTTP/2 streams, doing so with excessive computational complexity. When a large number of streams are reset, this can lead to high CPU utilization and result in a denial-of-service (DoS) condition. Pomerium versions 0.14.8 and 0.15.1 contain an upgraded Envoy binary with this vulnerability patched.
Remediation
References