Veracode Vulnerability DatabaseVERACODE:34362Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
github.com/istio/istio is vulnerable to denial of service (DoS) attacks. A malicious user is able to send a specifically crafted message causing a request processing error resulting a control plane crash.
References
github.com/istio/istio/commit/1362daaa6db15043a012894c2c1bce4e3dcdc575
github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84
github.com/istio/istio/commit/6f27d1ba7cd59925a7151e089aeb5c06d0c9a90c
github.com/istio/istio/pull/94
github.com/istio/istio/pull/95
github.com/istio/istio/pull/96
github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f
istio.io/latest/news/security/istio-security-2022-003
istio.io/latest/news/security/istio-security-2022-003/
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P