Out-of-bounds Read Affecting istio.io/istio/pkg/istio-agent package, versions <1.12.8 >=1.13.0 <1.13.5 >=1.14.0 <1.14.1
Snyk CVSS
Attack Complexity
High
Availability
High
Threat Intelligence
EPSS
0.28% (68th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-GOLANG-ISTIOIOISTIOPKGISTIOAGENT-2866428
- published 10 Jun 2022
- disclosed 10 Jun 2022
- credit oschaaf
Introduced: 10 Jun 2022
CVE-2022-31045 Open this link in a new tabHow to fix?
Upgrade istio.io/istio/pkg/istio-agent
to version 1.12.8, 1.13.5, 1.14.1 or higher.
Overview
Affected versions of this package are vulnerable to Out-of-bounds Read due to Ill-formed headers which are sent to Envoy in certain configurations that can lead to unexpected memory access.
Note: You are at most risk if you have an Istio ingress
Gateway exposed to external traffic.