Ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing.
|CVSS Impact Score||5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H|
Do not use Istio 1.14.2 and Istio 1.13.6
Due to a process issue, CVE-2022-31045 was not included in our Istio 1.14.2 and Istio 1.13.6 builds.
At this time we suggest you do not install 1.14.2 or 1.13.6 in a production environment. If you have, you may downgrade to Istio 1.14.1 or Istio 1.13.5. Istio 1.14.3 and Istio 1.13.7 are expected to be released later this week.