CVE-2022-31045

MEDIUM5.9EPSS 0.42%

Ill-formed headers may lead to unexpected behavior in Istio

發布日:2022/6/10修改日:2026/2/4

描述

### Impact Ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. You are at most risk if you have an Istio ingress Gateway exposed to external traffic. ### Patches 1.12.8, 1.13.5, 1.14.1 ### Workarounds No. ### References More details can be found in the [Istio Security Bulletin](https://istio.io/latest/news/security/istio-security-2022-05) ### For more information If you have any questions or comments about this advisory, please email us at [[email protected]](mailto:[email protected])

受影響套件(1)

Go/istio.io/istiofrom 0, < 1.12.18

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-31045
PATCHhttps://github.com/istio/istio
WEBhttps://github.com/istio/istio/security/advisories/GHSA-xwx5-5c9g-x68x
WEBhttps://istio.io/latest/news/security/istio-security-2022-05