First published: Tue Mar 08 2022
A stack exhaustion flaw was found in the Istio control plane. This flaw allows a remote unauthenticated attacker to send a specially crafted or oversized message to crash the control plane process, resulting in a denial of service condition.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/servicemesh | <0:2.0.9-3.el8 | 0:2.0.9-3.el8 |
redhat/servicemesh | <0:2.1.2-4.el8 | 0:2.1.2-4.el8 |
redhat/istio | <1.11.8 | 1.11.8 |
redhat/istio | <1.12.5 | 1.12.5 |
redhat/istio | <1.13.2 | 1.13.2 |
Istio Istio | <1.11.8 | |
Istio Istio | >=1.12.0, <1.12.5 | |
Istio Istio | >=1.13.0, <1.13.2 | |
The vulnerability ID for this Istio flaw is CVE-2022-24726.
Istio is an open platform to connect, manage, and secure microservices.
The severity level of CVE-2022-24726 is high with a CVSS score of 7.5.
CVE-2022-24726 affects the Istio control plane, istiod: a request processing error can crash the control plane.
To fix CVE-2022-24726 in Istio, you need to upgrade to version 1.11.8, 1.12.5, or 1.13.2 depending on your current version.