Improper handling of exceptional conditions in Istio - CVE-2022-23635

 


Published: February 22, 2022 / Updated: April 20, 2026


Vulnerability identifier: #VU126612
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-23635
CWE-ID: CWE-755
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Istio
Software vendor: Istio

Description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to a request processing error in the istiod control plane when handling a specially crafted message on port 15012. A remote attacker can send a specially crafted message to cause a denial of service.

In simple installations, the vulnerable endpoint is typically reachable only from within the cluster, but it may be exposed over the public internet in some multicluster deployments.
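
The following added example, which is not from the advisory or the Istio project, checks the exposure condition described above: it reads the output of `kubectl get svc -A -o json` and reports Services that publish port 15012 outside the cluster. The sample data, Service names and function name are constructed for illustration.

```python
import json

ISTIOD_PORT = 15012  # istiod control plane port named in the advisory

# Constructed sample of `kubectl get svc -A -o json` output (not real cluster data).
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "istio-system", "name": "istiod"},
     "spec": {"type": "ClusterIP",
              "ports": [{"port": 15012, "targetPort": 15012}]}},
    {"metadata": {"namespace": "istio-system", "name": "eastwest-gw"},
     "spec": {"type": "LoadBalancer",
              "ports": [{"port": 15012, "targetPort": 15012, "nodePort": 31512}]},
     "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}},
    {"metadata": {"namespace": "shop", "name": "web"},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 443, "targetPort": 8443}]}},
]})


def exposed_istiod_services(svc_json, port=ISTIOD_PORT):
    """Return one finding per Service that publishes `port` outside the cluster."""
    findings = []
    for svc in json.loads(svc_json).get("items", []):
        spec = svc.get("spec", {})
        svc_type = spec.get("type", "ClusterIP")
        external_ips = spec.get("externalIPs", [])
        # A ClusterIP Service without externalIPs is reachable only in-cluster.
        if svc_type not in ("LoadBalancer", "NodePort") and not external_ips:
            continue
        for p in spec.get("ports", []):
            # Match the Service port or the backend port it forwards to.
            if port not in (p.get("port"), p.get("targetPort")):
                continue
            lb = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
            addrs = [i.get("ip") or i.get("hostname") for i in lb] + list(external_ips)
            findings.append({
                "service": f'{svc["metadata"]["namespace"]}/{svc["metadata"]["name"]}',
                "type": svc_type,
                "nodePort": p.get("nodePort"),
                "addresses": addrs,
            })
    return findings


if __name__ == "__main__":
    for finding in exposed_istiod_services(SAMPLE):
        print("EXPOSED", finding)
```

A finding means the port is published by a Service; whether it is reachable from the internet still depends on firewall rules and load balancer configuration in front of the cluster.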


Remediation

Install the security update from the vendor's website.
