PT-2019-5282 · Istio · Istio

Publicado

2019-11-11

Atualizado

2022-05-24

CVE-2019-18817

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Istio versions 1.3.x through 1.3.4

Description The issue is related to a denial of service condition that can be triggered by submitting specific input, causing the system to enter an infinite loop. This can allow an attacker to disrupt service. The problem is associated with the continue on listener filters timeout setting being set to True.

Recommendations For Istio versions 1.3.x through 1.3.4, update to version 1.3.5 or later to resolve the issue. As a temporary workaround, consider setting continue on listener filters timeout to False to prevent the denial of service condition.

Exploit

Correção

Infinite Loop

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-835

Identificadores relacionados

BDU:2020-02183

CVE-2019-18817

GHSA-VC7H-CMP3-4HW5

Produtos afetados

Istio

PT-2019-5282 · Istio · Istio

CVE-2019-18817

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10