CVE-2020-10739

Name of the Vulnerable Software and Affected Versions Istio versions 1.4.x through 1.4.8 Istio versions 1.5.x through 1.5.3

Description The issue allows an attacker to trigger a Null Pointer Exception, resulting in a Denial of Service. This can be achieved by sending a specially crafted packet to the ingress gateway or a sidecar. The flaw is present when telemetry v2 is enabled. The servicemesh-proxy is also affected by a null pointer exception flaw.

Recommendations For Istio versions 1.4.x through 1.4.8, update to version 1.4.9 or later. For Istio versions 1.5.x through 1.5.3, update to version 1.5.4 or later. As a temporary workaround, consider disabling telemetry v2 until a patch is available.