1. Home
  2. Vulnerabilities
  3. CVE-2020-10739

CVE-2020-10739

CVSS v3.1 7.5 (High)
75% Progress
CVSS v2.0 5 (Medium)
50% Progress
EPSS 0.35 % (72th)
0.35% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. This could be sent to the ingress gateway or a sidecar, triggering a null pointer exception which results in a denial of service. This also affects servicemesh-proxy where a null pointer exception flaw was found in servicemesh-proxy. When running Telemetry v2 (not on by default in version 1.4.x), an attacker could send a specially crafted packet to the ingress gateway or proxy sidecar, triggering a denial of service.

Weaknesses
CWE-476
NULL Pointer Dereference
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2020-06-02 13:15:10
(4 years ago)
Updated Date
2023-11-07 03:14:18
(10 months ago)

Affected Products

Istio

Configuration #1

    CPE23 From Up To
  Istio from 1.4.0 version and prior 1.4.9 version cpe:2.3:a:istio:istio >= 1.4.0 < 1.4.9
  Istio from 1.5.0 version and prior 1.5.4 version cpe:2.3:a:istio:istio >= 1.5.0 < 1.5.4