GHSA-CF3Q-GQG7-3FM9 Envoy crashes when HTTP ext_proc processes local replies
Description

Summary

Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server, because of a filter lifetime issue. One known trigger is a failed websocket handshake, which generates a local reply and leads to the crash of Envoy.

PoC

If both websocket and ext_proc are enabled, a failed handshake will trigger a local reply, and ext_proc will crash.

Mitigation

- Disable websocket traffic.
- Change the websocket response from the backend to always return 101 Switching Protocols, as the RFC specifies.
- Apply the patch so that the ext_proc filter does not send local replies generated by Envoy to the ext_proc server for processing.
- Apply the patch so that the router cancels the upstream requests when sending a local reply.

Impact

Denial of service

Reporter

Vasilios Syrakis Fernando…
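To find where the affected combination (ext_proc and websocket both enabled) is configured, the following added example, which is not part of the advisory or of Envoy, scans an Envoy configuration in JSON form. The filter name and type URL are Envoy's own; the function names and the sample JSON layout are assumptions constructed for illustration.

```python
import json

EXT_PROC_NAME = "envoy.filters.http.ext_proc"
EXT_PROC_TYPE = "envoy.extensions.filters.http.ext_proc.v3.ExternalProcessor"

def _walk(node, path="$"):
    """Yield (path, dict) for every JSON object under node."""
    if isinstance(node, dict):
        yield path, node
        for key, value in node.items():
            yield from _walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from _walk(value, f"{path}[{i}]")

def _is_ext_proc(http_filter):
    type_url = http_filter.get("typed_config", {}).get("@type", "")
    return http_filter.get("name") == EXT_PROC_NAME or type_url.endswith(EXT_PROC_TYPE)

def _websocket_enabled(hcm):
    # upgrade_configs can sit on the connection manager or on an inline route;
    # upgrade_type is case-insensitive and 'enabled' defaults to true.
    for _, obj in _walk(hcm):
        for uc in obj.get("upgrade_configs", []):
            if uc.get("upgrade_type", "").lower() == "websocket" and uc.get("enabled", True):
                return True
    return False

def find_exposed(config):
    """Return JSON paths of connection managers with ext_proc and websocket both on."""
    return [path for path, obj in _walk(config)
            if any(_is_ext_proc(f) for f in obj.get("http_filters", []))
            and _websocket_enabled(obj)]

# Constructed sample: two trimmed connection-manager configs, not a real deployment.
SAMPLE = json.loads("""{"listeners": [
  {"typed_config": {
     "http_filters": [{"name": "ext-proc", "typed_config": {"@type":
        "type.googleapis.com/envoy.extensions.filters.http.ext_proc.v3.ExternalProcessor"}}],
     "upgrade_configs": [{"upgrade_type": "websocket"}]}},
  {"typed_config": {
     "http_filters": [{"name": "envoy.filters.http.ext_proc"}],
     "upgrade_configs": [{"upgrade_type": "websocket", "enabled": false}]}}]}""")

if __name__ == "__main__":
    for hit in find_exposed(SAMPLE):
        print("ext_proc + websocket enabled at", hit)
```

Routes delivered separately from the connection manager (for example through RDS) are not nested under it, so their upgrade settings need to be reviewed on their own.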
