First published: Wed Oct 12 2022
An uncontrolled resource consumption flaw was found in the Istio control plane, istiod. This issue could allow an unauthenticated remote attacker to send a specially crafted or oversized message that could cause a denial of service.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/Istio | <1.15.2 | 1.15.2 |
redhat/Istio | <1.14.5 | 1.14.5 |
redhat/Istio | <1.13.9 | 1.13.9 |
Istio Istio | <1.13.9 | |
Istio Istio | >=1.14.0 <1.14.5 | |
Istio Istio | >=1.15.0 <1.15.2 | |
CVE-2022-39278 is a vulnerability in the Istio control plane, istiod, that allows an unauthenticated remote attacker to cause uncontrolled resource consumption, resulting in a denial of service.
Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection.
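Istio versions before 1.13.9, versions 1.14.0 up to but not including 1.14.5, and versions 1.15.0 up to but not including 1.15.2 are affected by CVE-2022-39278. Versions 1.13.9, 1.14.5, and 1.15.2 contain the fix.
CVE-2022-39278 can be exploited by an unauthenticated remote attacker who sends a specially crafted or oversized message to the vulnerable Istio control plane, istiod.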
CVE-2022-39278 has a severity rating of 7.5 (high).