CVE-2020-10739: NULL Pointer Dereference

June 2, 2020

By sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. This could be sent to the ingress gateway or a sidecar, triggering a null pointer exception which results in a denial of service.

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10739
istio.io/news/security/istio-security-2020-005/
nvd.nist.gov/vuln/detail/CVE-2020-10739

Detect and mitigate CVE-2020-10739 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →