exploitDog

CVE-2025-66220

Published: 03 Dec 2025
Source: redhat
CVSS3: 5
EPSS: Low

Description

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte (\0) inside an OTHERNAME SAN value as valid matches.

A flaw was found in Envoy. This vulnerability allows mTLS (mutual Transport Layer Security) certificate validation bypass via a certificate containing an embedded null byte (\0) inside an OTHERNAME SAN (Subject Alternative Name) value.

Report

This vulnerability is rated Moderate for Red Hat products. Envoy's mTLS certificate matcher, when configured with match_typed_subject_alt_names, may incorrectly validate certificates containing an embedded null byte in the OTHERNAME SAN field. This could allow an attacker to bypass mTLS authentication if they can present a specially crafted certificate.
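As an added illustration (this is not Envoy's code and not the patched logic), the snippet below models the CWE-170 failure the advisory names: a SAN value decoded as raw bytes with an explicit length, compared once through a NUL-terminated C string and once length-aware. The `SanValue` struct, `make_san` and the matcher names are hypothetical, the SPIFFE-style sample identity is constructed, and the assumption that the defect stems from C-string truncation is mine; the page only attributes the issue to CWE-170.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <string_view>
#include <vector>

// Hypothetical model of a decoded OTHERNAME SAN value: raw bytes plus an
// explicit length, as an ASN.1 string carries them (constructed for this
// example; not Envoy's types).
struct SanValue {
    std::vector<uint8_t> bytes;
};

// Constructed helper to build a SanValue from bytes (may contain NUL).
SanValue make_san(std::string_view s) {
    return SanValue{std::vector<uint8_t>(s.begin(), s.end())};
}

// Length-unaware conversion (the CWE-170 pattern): reading the bytes as a
// C string stops at the first NUL, so "spiffe://trusted\0evil" silently
// collapses to "spiffe://trusted" before the comparison happens.
std::string san_as_cstring(const SanValue& san) {
    std::vector<uint8_t> buf = san.bytes;
    buf.push_back(0);  // NUL-terminate so the C-string read is well defined
    return std::string(reinterpret_cast<const char*>(buf.data()));
}

// Flawed matcher: accepts the crafted value because truncation hides the tail.
bool match_truncating(const SanValue& san, std::string_view expected) {
    return san_as_cstring(san) == std::string(expected);
}

// Length-aware matcher: compares every byte the certificate actually carries,
// so an embedded NUL makes the value differ from the expected identity.
bool match_exact(const SanValue& san, std::string_view expected) {
    std::string_view actual(reinterpret_cast<const char*>(san.bytes.data()),
                            san.bytes.size());
    return actual == expected;
}

// Defensive policy check: no legitimate identity string contains a NUL, so a
// SAN value carrying one can be rejected outright and logged for review.
bool san_has_embedded_nul(const SanValue& san) {
    for (uint8_t b : san.bytes) {
        if (b == 0) return true;
    }
    return false;
}

int main() {
    const std::string_view expected = "spiffe://trusted";
    // Constructed sample: the expected identity followed by NUL and extra bytes.
    const SanValue crafted = make_san(std::string_view("spiffe://trusted\0evil", 21));
    const SanValue honest = make_san(expected);

    std::cout << "truncating matcher, crafted value: " << match_truncating(crafted, expected) << '\n';
    std::cout << "exact matcher, crafted value:      " << match_exact(crafted, expected) << '\n';
    std::cout << "exact matcher, honest value:       " << match_exact(honest, expected) << '\n';
    std::cout << "crafted value has embedded NUL:    " << san_has_embedded_nul(crafted) << '\n';
    return 0;
}
```

The point for a reviewer of any certificate-matching code is the second function: any conversion of a length-prefixed ASN.1 string to a `const char*` before comparison reintroduces this class of bug, and an explicit NUL check at decode time gives a cheap detection signal in addition to the length-aware comparison.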

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Affected packages

Platform                 | Package                                                     | Status       | Recommendation | Release
OpenShift Service Mesh 2 | openshift-service-mesh/grafana-rhel8                        | Not affected |                |
OpenShift Service Mesh 2 | openshift-service-mesh/istio-cni-rhel8                      | Not affected |                |
OpenShift Service Mesh 2 | openshift-service-mesh/istio-must-gather-rhel9              | Not affected |                |
OpenShift Service Mesh 2 | openshift-service-mesh/istio-operator-bundle                | Not affected |                |
OpenShift Service Mesh 2 | openshift-service-mesh/istio-rhel8-operator                 | Not affected |                |
OpenShift Service Mesh 2 | openshift-service-mesh/pilot-rhel8                          | Not affected |                |
OpenShift Service Mesh 2 | openshift-service-mesh/proxyv2-rhel9                        | Not affected |                |
OpenShift Service Mesh 2 | openshift-service-mesh/ratelimit-rhel8                      | Not affected |                |
OpenShift Service Mesh 3 | openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9 | Not affected |                |
OpenShift Service Mesh 3 | openshift-service-mesh/istio-cni-rhel9                      | Not affected |                |


Additional information

Status: Moderate
Weakness: CWE-170
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2418661 (envoy: Envoy: mTLS certificate validation bypass via embedded null byte in SAN)

EPSS: 0.00002 (percentile 0%, Low)
CVSS3: 5 (Medium)

Related vulnerabilities

CVSS3: 5 | nvd | 4 months ago

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte (\0) inside an OTHERNAME SAN value as valid matches.

CVSS3: 5 | debian | 4 months ago

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.3 ...

CVSS3: 5 | github | 4 months ago

Envoy's TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte
