Oracle Linux 8 : istio (ELSA-2022-9773)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9773 advisory. - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 - Adress Istio CVE-2022-31045, CVE-2022-29225,...

Oracle Linux 7 : istio (ELSA-2022-9772)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9772 advisory. - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 - Istio CVE-2022-31045, CVE-2022-29225,...

CVE-2022-31045

A flaw was found in Istio. Memory access violation of ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access, resulting in undefined behavior or crashing...

Denial Of Service (DoS)

Istio is vulnerable to denial of service. The vulnerability exists due to a lack of proper configurations in the headers sent to Envoy, allowing an attacker to crash the system with an ill-formed headers...

Ill-formed headers may lead to unexpected behavior in Istio

Impact Ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. You are at most risk if you have an Istio ingress Gateway exposed to external traffic. Patches 1.12.8, 1.13.5, 1.14.1 Workarounds No. References More...

CVE-2022-31045

Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress...

Design/Logic Flaw

Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress...