ISTIO-SECURITY-2022-006
Ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing.
| Disclosure Details | |
|---|---|
| CVE(s) | CVE-2022-31045 |
| CVSS Impact Score | 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Affected Releases | 1.13.6 1.14.2 |
Do not use Istio 1.14.2 and Istio 1.13.6
Due to a process issue, CVE-2022-31045 was not included in our Istio 1.14.2 and Istio 1.13.6 builds.
At this time we suggest you do not install 1.14.2 or 1.13.6 in a production environment. If you have, you may downgrade to Istio 1.14.1 or Istio 1.13.5. Istio 1.14.3 and Istio 1.13.7 are expected to be released later this week.