| title | subtitle | description | cves | cvss | vector | releases | publishdate | keywords | skip_seealso |
|---|---|---|---|---|---|---|---|---|---|
| ISTIO-SECURITY-2021-003 | Security Bulletin | | | 7.5 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | | 2021-04-15 | | true |

{{< security_bulletin >}}
Envoy, and by extension Istio, is affected by several newly discovered vulnerabilities:

- CVE-2021-28683:
  Envoy contains a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
    - CVSS Score: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CVE-2021-28682:
  Envoy contains a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations.
    - CVSS Score: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CVE-2021-29258:
  Envoy contains a remotely exploitable vulnerability where an HTTP/2 request with an empty metadata map can cause Envoy to crash.
    - CVSS Score: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
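
To illustrate the class of bug behind CVE-2021-28682, the following added example (not Envoy's or Istio's code, and not the actual fix) parses a `grpc-timeout` header value into milliseconds with bounded, overflow-checked arithmetic. The function names are hypothetical; the limit of 8 digits and the unit letters are taken from the gRPC over HTTP/2 wire format, and rounding sub-millisecond values up is a choice made for this example.

```cpp
#include <cstdint>
#include <limits>
#include <optional>
#include <string_view>

// Illustration only (not Envoy's code): converting hours to milliseconds in
// 32-bit arithmetic silently wraps for large inputs.
uint32_t naiveHoursToMs32(uint32_t hours) { return hours * 3600000u; }

// Hypothetical helper: parse a grpc-timeout value such as "5S" or "250m"
// into milliseconds. Returns nullopt for anything malformed or out of range.
std::optional<uint64_t> parseGrpcTimeoutMs(std::string_view v) {
  // Wire format: 1 to 8 ASCII digits followed by exactly one unit character.
  if (v.size() < 2 || v.size() > 9) return std::nullopt;

  uint64_t n = 0;
  for (char c : v.substr(0, v.size() - 1)) {
    if (c < '0' || c > '9') return std::nullopt;  // rejects signs, spaces, etc.
    n = n * 10 + static_cast<uint64_t>(c - '0');  // at most 99999999, cannot wrap
  }

  uint64_t mul = 1, div = 1;
  switch (v.back()) {
    case 'H': mul = 3600000; break;  // hours
    case 'M': mul = 60000; break;    // minutes
    case 'S': mul = 1000; break;     // seconds
    case 'm': break;                 // milliseconds
    case 'u': div = 1000; break;     // microseconds
    case 'n': div = 1000000; break;  // nanoseconds
    default: return std::nullopt;
  }

  // Checked multiply. With the 8-digit cap this never fires, but it keeps the
  // conversion safe if the length check above is ever relaxed.
  if (n > std::numeric_limits<uint64_t>::max() / mul) return std::nullopt;

  // Round sub-millisecond values up so a small positive timeout is not
  // turned into 0.
  return (n * mul + div - 1) / div;
}
```
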
{{< boilerplate "security-vulnerability" >}}