7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
github.com/istio/istio is vulnerable to denial of service (DoS) attacks. A malicious user is able to send a specifically crafted message causing a request processing error resulting a control plane crash.
github.com/istio/istio/commit/1362daaa6db15043a012894c2c1bce4e3dcdc575
github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84
github.com/istio/istio/commit/6f27d1ba7cd59925a7151e089aeb5c06d0c9a90c
github.com/istio/istio/pull/94
github.com/istio/istio/pull/95
github.com/istio/istio/pull/96
github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f
istio.io/latest/news/security/istio-security-2022-003
istio.io/latest/news/security/istio-security-2022-003/
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P