# Envoy CPU Exhaustion Vulnerability PoC

This repository contains a proof-of-concept (PoC) Python script to demonstrate the CPU exhaustion vulnerability in Envoy caused 
by a flood of CONTINUATION frames. Author: blackmagic 2024

## Description
Envoy is a cloud-native, open-source edge and service proxy designed for modern cloud-native applications. However, versions prior to 
1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to a flood of CONTINUATION frames. 
The HTTP/2 codec in Envoy allows the client to send an unlimited number of CONTINUATION frames even after exceeding Envoy's header map limits.
This PoC script sends a large number of CONTINUATION frames with a payload to simulate the vulnerability and exhaust the CPU resources of the 
target Envoy server.

## Usage

- Clone the repository:
git clone

- Navigate to the repository directory:
cd Envoy-CPU-Exhaustion-Vulnerability-PoC

- Modify the script as needed, including the TARGET_HOST, TARGET_PORT, NUM_CONTINUATION_FRAMES, and CONTINUATION_PAYLOAD variables 
according to your testing environment.

- Run the Python script:


## Disclaimer

This PoC script is provided for educational and research purposes only. Do not use this script for any illegal activities. 
Running this script against a production Envoy server without authorization may be illegal and unethical. Use it responsibly 
and only on systems you own or have explicit permission to test.