Lucene search

K
gitlabHttps://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-CA11EB905FA5739E96DBC684F3D02E9B
HistoryJun 10, 2022 - 12:00 a.m.

Out-of-bounds Read

2022-06-1000:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
17
istio
microservices
vulnerability
headers
memory access
envoy
gateway
external traffic
upgrade

EPSS

0.003

Percentile

68.4%

Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress Gateway exposed to external traffic. This vulnerability has been resolved in versions 1.12.8, 1.13.5, and 1.14.1. Users are advised to upgrade. There are no known workarounds for this issue.

EPSS

0.003

Percentile

68.4%