Skambashi

**Name of the Vulnerable Software and Affected Versions** Envoy versions prior to 1.11.1 **Description** A denial of service issue exists due to the libstdc++ regular expression implementation. A remote attacker can send a request with a very long URI, resulting in excessive memory consumption. **Recommendations** For versions prior to 1.11.1, update to a version that contains a fix for this issue to prevent denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** Istio versions 1.1.0 through 1.1.12 Istio versions 1.2.0 through 1.2.3 **Description** The issue is related to insufficient handling of regular expressions for long URIs, which can lead to a denial of service. This problem affects the use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API. **Recommendations** For Istio versions 1.1.0 through 1.1.12, update to version 1.1.13 or later. For Istio versions 1.2.0 through 1.2.3, update to version 1.2.4 or later.