CVE-2022-31045: Out-of-bounds Read

June 10, 2022

Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress Gateway exposed to external traffic. This vulnerability has been resolved in versions 1.12.8, 1.13.5, and 1.14.1. Users are advised to upgrade. There are no known workarounds for this issue.

References

github.com/advisories/GHSA-xwx5-5c9g-x68x
github.com/istio/istio/security/advisories/GHSA-xwx5-5c9g-x68x
istio.io/latest/news/security/istio-security-2022-05
nvd.nist.gov/vuln/detail/CVE-2022-31045

Detect and mitigate CVE-2022-31045 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →