GHSA-h7pq-86h8-rp5x
Envoy Gateway: OCI layer extraction allocates make([]byte, h.Size) from untrusted tar header
Details
Vulnerability report without repro case. Repro case may be added later after harness is complete.
**Preconditions (4):** - Tenant can create EnvoyExtensionPolicy (baseline) - Controller has egress to attacker-controlled OCI registry - No registry allowlist (none exists in code) - Layer presents Docker/OCI media type
**Description**
At imagefetcher.go:287, make([]byte, h.Size) uses the attacker-controlled tar-header size; the LimitReader at :278 bounds bytes read from the stream but not the header-declared size returned by tr.Next() (a 512-byte header can claim a multi-TB entry via PAX/GNU encoding). Reached from untrusted tenant input via EnvoyExtensionPolicy spec.wasm[].code.image.url (envoyextensionpolicy.go:1157 → cache.go:262/299 → imagefetcher.go:218 → :287), and the allocation happens for every tar entry regardless of filename. The resulting Go runtime OOM throw is unrecoverable and, because the CRD persists, crash-loops the shared controller — single-request, non-volumetric, cluster-wide DoS.
Are you affected?
Enter the version of the package you're using.
Affected packages
1.8.0-rc.0 Fixed in: 1.8.1 go get github.com/envoyproxy/gateway@v1.8.1 0 Fixed in: 1.7.4 go get github.com/envoyproxy/gateway@v1.7.4