ISTIO-SECURITY-2021-003
Security Bulletin
| Disclosure Details | |
|---|---|
| CVE(s) | CVE-2021-286831 CVE-2021-286822 CVE-2021-292583 |
| CVSS Impact Score | 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H4 |
| Affected Releases | All releases prior to 1.8.5 1.9.0 to 1.9.2 |
Envoy, and subsequently Istio, is vulnerable to several newly discovered vulnerabilities:
- CVE-2021-286831:
Envoy contains a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
- CVSS Score: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H5
- CVE-2021-286822:
Envoy contains a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations.
- CVSS Score: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H5
- CVE-2021-292583:
Envoy contains a remotely exploitable vulnerability where an HTTP2 request with an empty metadata map can cause Envoy to crash.
- CVSS Score: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H5
Reporting vulnerabilities
We’d like to remind our community to follow the vulnerability reporting process6 to report any bug that can result in a security vulnerability.