CVE-2022-31045 – istio.io/istio

Package

Manager: go
Name: istio.io/istio
Vulnerable Version: >=0 <1.12.18 || >=1.13.0 <1.13.5 || >=1.14.0 <1.14.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00222 pctl0.4473

Details

Ill-formed headers may lead to unexpected behavior in Istio ### Impact Ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. You are at most risk if you have an Istio ingress Gateway exposed to external traffic. ### Patches 1.12.8, 1.13.5, 1.14.1 ### Workarounds No. ### References More details can be found in the [Istio Security Bulletin](https://istio.io/latest/news/security/istio-security-2022-05) ### For more information If you have any questions or comments about this advisory, please email us at [istio-security-vulnerability-reports@googlegroups.com](mailto:istio-security-vulnerability-reports@googlegroups.com)

Metadata

Created: 2022-06-10T19:53:55Z
Modified: 2022-06-10T19:53:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-xwx5-5c9g-x68x/GHSA-xwx5-5c9g-x68x.json
CWE IDs: ["CWE-125"]
Alternative ID: GHSA-xwx5-5c9g-x68x
Finding: F111
Auto approve: 1