PT-2019-5282 · Istio · Istio

Published

2019-11-11

Updated

2022-05-24

CVE-2019-18817

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Istio versions 1.3.x through 1.3.4

Description The issue is related to a denial of service condition that can be triggered by submitting specific input, causing the system to enter an infinite loop. This can allow an attacker to disrupt service. The problem is associated with the continue on listener filters timeout setting being set to True.

Recommendations For Istio versions 1.3.x through 1.3.4, update to version 1.3.5 or later to resolve the issue. As a temporary workaround, consider setting continue on listener filters timeout to False to prevent the denial of service condition.

Exploit

Fix

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

BDU:2020-02183

CVE-2019-18817

GHSA-VC7H-CMP3-4HW5

Affected Products

Istio

PT-2019-5282 · Istio · Istio

CVE-2019-18817

Weakness Enumeration

Related Identifiers

Affected Products

References · 10