istio.io/content/en/news/security/istio-security-2023-004/index.md

title	subtitle	description	cves	cvss	vector	releases	publishdate	keywords	skip_seealso
ISTIO-SECURITY-2023-004	Security Bulletin	CVEs reported by Envoy and Go.	CVE-2023-44487 CVE-2023-39325	7.5	AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	All releases prior to 1.17.0 1.17.0 to 1.17.6 1.18.0 to 1.18.3 1.19.0 to 1.19.1	2023-10-11	CVE	true

{{< security_bulletin >}}

CVE

Envoy CVE

• CVE-2023-44487: (CVSS Score 7.5, High): HTTP/2 denial of service

Go CVE

• CVE-2023-39325: (CVSS Score 7.5, High): HTTP/2 denial of service

Am I Impacted?

You are impacted If you accept HTTP/2 traffic from untrusted sources, which applies to most users. This especially applies if you use a Gateway exposed on the public internet.