Vulnerability Description
Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress Gateway exposed to external traffic. This vulnerability has been resolved in versions 1.12.8, 1.13.5, and 1.14.1. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Istio | Istio | < 1.12.8 |
Related Weaknesses (CWE)
References
- https://github.com/istio/istio/security/advisories/GHSA-xwx5-5c9g-x68xThird Party Advisory
- https://istio.io/latest/news/security/istio-security-2022-05Broken Link
- https://github.com/istio/istio/security/advisories/GHSA-xwx5-5c9g-x68xThird Party Advisory
- https://istio.io/latest/news/security/istio-security-2022-05Broken Link
FAQ
What is CVE-2022-31045?
CVE-2022-31045 is a vulnerability with a CVSS score of 7.0 (HIGH). Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting i...
How severe is CVE-2022-31045?
CVE-2022-31045 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-31045?
Check the references section above for vendor advisories and patch information. Affected products include: Istio Istio.