CVE-2022-31045

EPSS 0.43%
Veröffentlicht 09.06.2022 21:15:07
Zuletzt bearbeitet 21.11.2024 07:03:46
Quelle security-advisories@github.com
Teams Watchlist Login
Unerledigt Login

Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress Gateway exposed to external traffic. This vulnerability has been resolved in versions 1.12.8, 1.13.5, and 1.14.1. Users are advised to upgrade. There are no known workarounds for this issue.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Istio ≫ Istio Version < 1.12.8

Istio ≫ Istio Version >= 1.13.0 < 1.13.5

Istio ≫ Istio Version1.14.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.618

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
security-advisories@github.com	7	2.2	4.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://github.com/istio/istio/security/advisories/GHSA-xwx5-5c9g-x68x

Third Party Advisory

https://istio.io/latest/news/security/istio-security-2022-05

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2022-31045

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-31045

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-31045

EUVD