VDB
KO
MEDIUM 6.5

GHSA-h7pq-86h8-rp5x

Envoy Gateway: OCI layer extraction allocates make([]byte, h.Size) from untrusted tar header

Details

Vulnerability report without repro case. Repro case may be added later after harness is complete.

**Preconditions (4):** - Tenant can create EnvoyExtensionPolicy (baseline) - Controller has egress to attacker-controlled OCI registry - No registry allowlist (none exists in code) - Layer presents Docker/OCI media type

**Description**

At imagefetcher.go:287, make([]byte, h.Size) uses the attacker-controlled tar-header size; the LimitReader at :278 bounds bytes read from the stream but not the header-declared size returned by tr.Next() (a 512-byte header can claim a multi-TB entry via PAX/GNU encoding). Reached from untrusted tenant input via EnvoyExtensionPolicy spec.wasm[].code.image.url (envoyextensionpolicy.go:1157 → cache.go:262/299 → imagefetcher.go:218 → :287), and the allocation happens for every tar entry regardless of filename. The resulting Go runtime OOM throw is unrecoverable and, because the CRD persists, crash-loops the shared controller — single-request, non-volumetric, cluster-wide DoS.

Are you affected?

Enter the version of the package you're using.

Affected packages

Go / github.com/envoyproxy/gateway
Introduced in: 1.8.0-rc.0 Fixed in: 1.8.1
Fix go get github.com/envoyproxy/gateway@v1.8.1
Go / github.com/envoyproxy/gateway
Introduced in: 0 Fixed in: 1.7.4
Fix go get github.com/envoyproxy/gateway@v1.7.4

References