GHSA-cxpq-8v7q-cg56
Envoy Gateway: Wasm HTTP fetch decompresses gzip without output-size limit
Details
Vulnerability report without repro case. Repro case may be added later after harness is complete.
**Preconditions (4):** - Tenant can create EnvoyExtensionPolicy (baseline) - Attacker hosts a gzip-bomb at a reachable URL - sha256 unset (optional field; check is post-decompression anyway) - No operator Wasm-URL allowlist (none exists in code)
**Description**
getFileFromGZ calls io.ReadAll on a raw gzip.Reader (httpfetcher.go:216) with no output bound, while the compressed input is capped at 256 MiB (httpfetcher.go:139). The bytes originate from a tenant-controlled EnvoyExtensionPolicy.spec.wasm[].code.http.url (envoyextensionpolicy.go:1077 → cache.go:248 → httpfetcher.go:147 → :233), so an untrusted tenant can point at a ~10 MiB gzip-of-zeros and force ~10 GiB allocation in the shared controller process. All candidate guards execute either before the body is buffered or after decompression. OOM-kills, restarts, re-reconciles same CR, crash-loops — persistent cross-tenant control-plane outage with PR:L/AC:L and scope change → HIGH despite availability-only.
Are you affected?
Enter the version of the package you're using.
Affected packages
1.8.0-rc.0 Fixed in: 1.8.1 go get github.com/envoyproxy/gateway@v1.8.1 0 Fixed in: 1.7.4 go get github.com/envoyproxy/gateway@v1.7.4