Main Vulnerability Database Vulnerabilities #VU64153

#VU64153 Out-of-bounds read in Istio - CVE-2022-31045

Published: June 10, 2022 / Updated: July 27, 2022

Vulnerability identifier: #VU64153

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-31045

CWE-ID: CWE-125

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Istio

Software vendor:
Istio

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the Ill-formed headers. A remote attacker can trigger out-of-bounds read error and cause a denial of service condition on the system.

Remediation

Install updates from vendor's website.

Note, the 1.14.2 or 1.13.6 versions are affected by this vulnerability due to process issues on the vendor's side.

External links

https://github.com/istio/istio/security/advisories/GHSA-xwx5-5c9g-x68x
https://istio.io/latest/news/security/istio-security-2022-05
https://istio.io/latest/news/security/istio-security-2022-006