NRDAX
Submit

← registry

NRDAX-T0383 - HPACK Decoded-Size Accounting Bypass

memory_amp · active · first seen 2026-07-13

provenance: Reproduced in NullRabbit's attack-reproduction pipeline

mechanism

Envoy's HTTP/2 HPACK decoder bounds header-block size on ENCODED bytes only, and cookie header bytes bypass the max_request_headers_kb decoded-size accounting entirely. An attacker plants one large cookie value once in the HPACK dynamic table via a literal-with-incremental-indexing field, then re-references that single entry many times per request using 1-byte indexed-header-field octets, so the wire stays tiny while Envoy materializes the full cookie value on every reference. The fix-class is bounding/accounting the DECODED header size (including cookie bytes) rather than just the encoded HPACK block, closing the asymmetric-allocation gap; without it, a few connections/streams balloon decoded-header memory past the process limit and get OOM-killed within seconds.

instances (2)

chainprimitivefidelityoriginreproducer (bundle)source
http2 envoy_http2_hpack_cookie_amplification proxy reverse-engineered-cve envoy_http2_hpack_cookie_amplification -
http2 http2_bomb_indexed_ref_window_pin lab reverse-engineered-cve http2_bomb_indexed_ref_window_pin -

related (memory_amp)

cite

https://nrdax.com/techniques/NRDAX-T0383

plain

NRDAX Registry. Technique NRDAX-T0383.

bibtex
@misc{nrdax_NRDAX_T0383,
  title = {HPACK Decoded-Size Accounting Bypass (NRDAX-T0383)},
  howpublished = {NRDAX Registry},
  url = {https://nrdax.com/techniques/NRDAX-T0383},
}
json (csl)
{
  "id": "nrdax-NRDAX-T0383",
  "type": "dataset",
  "title": "HPACK Decoded-Size Accounting Bypass (NRDAX-T0383)",
  "URL": "https://nrdax.com/techniques/NRDAX-T0383",
  "publisher": "NRDAX Registry"
}