Antoninbas

**Name of the Vulnerable Software and Affected Versions** Antrea versions prior to 2.4.5 and 2.5.2 **Description** Antrea, a Kubernetes networking solution, has a missing encryption issue affecting inter-Node Pod traffic. In dual-stack networking clusters with IPsec encryption enabled (`trafficEncryptionMode: ipsec`), IPv6 Pod traffic is not encrypted, while IPv4 traffic is correctly encrypted via ESP (Encapsulating Security Payload). This occurs because IPv6 packets bypass the IPsec encryption layer during encapsulation using Geneve or VXLAN. Single-stack IPv4 or IPv6 clusters are not affected. **Recommendations** Upgrade to Antrea version 2.4.5 or later. Upgrade to Antrea version 2.5.2 or later. Upgrade to Antrea version 2.6.0 or later.

**Name of the Vulnerable Software and Affected Versions** Antrea versions prior to 2.3.2 Antrea versions prior to 2.4.3 **Description** Antrea, a Kubernetes networking solution, contains a flaw in its network policy priority assignment system. A uint16 arithmetic overflow bug leads to incorrect OpenFlow priority calculations when managing a significant number of policies with diverse priority values. This can result in incorrect traffic enforcement. **Recommendations** Update to Antrea version 2.3.2 or later. Update to Antrea version 2.4.3 or later.