Описание
A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application).
An out-of-bounds read flaw was found in istio-pilot. This flaw allows an attacker to send a crafted HTTP GET request to the pilot debug API endpoint. This action causes pilot to panic, resulting in a denial of service to the istio pilot application. The highest threat from this vulnerability is to system availability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Service Mesh 2.0 | servicemesh | Not affected | ||
| OpenShift Service Mesh 1.1 | servicemesh | Fixed | RHSA-2021:1322 | 22.04.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application).
EPSS
6.5 Medium
CVSS3