OVAL

Denial of service vulnerability in getenvoy-envoy - CVE-2024-30255 (rpm)

ID: oval:org.secpod.oval:def:99608
Date: (C)2024-04-29   (M)2024-04-29
Class: VULNERABILITY
Family: unix




The host is installed with getenvoy-envoy version 1.29.0 before 1.29.3, 1.28.0 before 1.28.2, 1.27.0 before 1.27.4, or before 1.26.8 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle issues in the HTTP/2 codec. On successful exploitation, an attacker can send a sequence of CONTINUATION frames without the END_HEADERS bit set, causing CPU utilization that consumes approximately 1 core per 300 Mbit/s of traffic.

Platform:
Linux
Product:
getenvoy-envoy
Reference:
CVE-2024-30255

© SecPod Technologies