Veracode Vulnerability DatabaseVERACODE:34603Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
github.com/istio/istio is vulnerable to denial of service. The vulnerability exists because the library does not properly limit the reads from untrusted inputs, allowing an attacker to crash the application by providing maliciously crafted messages.
References
github.com/golang/go/issues/51112
github.com/istio/istio/commit/458feb160756d6b38f1cee4ddb7a40ff50aaa713
github.com/istio/istio/commit/6ca5055a4db6695ef5504eabdfde3799f2ea91fd
github.com/istio/istio/commit/e9c3781bd4097f94289b18ecb5a657438f47c9a4
github.com/istio/istio/pull/37785
github.com/istio/istio/pull/37791
github.com/istio/istio/pull/37792
github.com/istio/istio/pull/37804
github.com/istio/istio/security/advisories/GHSA-8w5h-qr4r-2h6g
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P