CVE-2022-31045

EPSS 0.43%
Published 09.06.2022 21:15:07
Last modified 21.11.2024 07:03:46
Source security-advisories@github.com
Teams watchlist Login
Open Login

Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress Gateway exposed to external traffic. This vulnerability has been resolved in versions 1.12.8, 1.13.5, and 1.14.1. Users are advised to upgrade. There are no known workarounds for this issue.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Istio ≫ Istio Version < 1.12.8

Istio ≫ Istio Version >= 1.13.0 < 1.13.5

Istio ≫ Istio Version1.14.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.43%	0.618

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
security-advisories@github.com	7	2.2	4.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://github.com/istio/istio/security/advisories/GHSA-xwx5-5c9g-x68x

Third Party Advisory

https://istio.io/latest/news/security/istio-security-2022-05

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2022-31045

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-31045

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-31045

EUVD