CVE-2022-39278

🗓️ 13 Oct 2022 00:00:00Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 378 Views

Istio control plane prior to 1.15.2, 1.14.5, and 1.13.9 allows malicious attackers to crash the control plane via a specially crafted message over TLS port 15017

Reporter	Title	Published	Views	Family All 19
Circl	CVE-2022-39278	14 Oct 202202:28	–	circl
CNNVD	Istio 资源管理错误漏洞	13 Oct 202200:00	–	cnnvd
Cvelist	CVE-2022-39278 Istio vulnerable to denial of service attack due to Golang Regex Library	13 Oct 202200:00	–	cvelist
Oracle linux	istio security update	10 Jan 202300:00	–	oraclelinux
Oracle linux	istio security update	11 Jan 202300:00	–	oraclelinux
Oracle linux	istio security update	11 Jan 202300:00	–	oraclelinux
EUVD	EUVD-2022-41782	3 Oct 202520:07	–	euvd
NVD	CVE-2022-39278	13 Oct 202223:15	–	nvd
Tenable Nessus	Oracle Linux 8 : istio (ELSA-2023-12011)	11 Jan 202300:00	–	nessus
Tenable Nessus	Oracle Linux 7 : istio (ELSA-2023-12012)	11 Jan 202300:00	–	nessus

NVD

Vulners

Node

istio istioRange<1.13.9

istio istioRange1.14.0–1.14.5

istio istioRange1.15.0–1.15.2

[
  {
    "vendor": "istio",
    "product": "istio",
    "versions": [
      {
        "version": "< 1.13.9",
        "status": "affected"
      },
      {
        "version": ">= 1.14.0, < 1.14.5",
        "status": "affected"
      },
      {
        "version": ">= 1.15.0, < 1.15.2",
        "status": "affected"
      }
    ]
  }
]

Source	Link
istio	www.istio.io/latest/news/releases/1.15.x/announcing-1.15.2/
istio	www.istio.io/latest/news/releases/1.13.x/announcing-1.13.9/
github	www.github.com/istio/istio/security/advisories/GHSA-86vr-4wcv-mm9w
istio	www.istio.io/news/releases/1.14.x/announcing-1.14.5/