CVE-2020-10739 - OpenCVE

Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. This could be sent to the ingress gateway or a sidecar, triggering a null pointer exception which results in a denial of service. This also affects servicemesh-proxy where a null pointer exception flaw was found in servicemesh-proxy. When running Telemetry v2 (not on by default in version 1.4.x), an attacker could send a specially crafted packet to the ingress gateway or proxy sidecar, triggering a denial of service.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Istio	Istio

Configuration 1 [-]

OR	cpe:2.3:a:istio:istio::::::::
	cpe:2.3:a:istio:istio::::::::

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10739	Broken Link Issue Tracking Third Party Advisory
https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153#diff-fcf2cf5dd389b5285f882ba4a8708633	Patch Third Party Advisory
https://istio.io/news/security/istio-security-2020-005/	Mitigation Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2020-06-02T12:22:15

Updated: 2020-06-02T12:22:15

Reserved: 2020-03-20T00:00:00

Link: CVE-2020-10739

JSON object: View

NVD Information

Status : Modified

Published: 2020-06-02T13:15:10.983

Modified: 2023-11-07T03:14:18.780

Link: CVE-2020-10739

JSON object: View

Redhat Information

No data.

CWE

CWE-476

{"containers": {"cna": {"affected": [{"product": "istio/envoy", "vendor": "istio.io", "versions": [{"status": "affected", "version": ">= 1.4.0, < 1.4.9"}, {"status": "affected", "version": ">= 1.5.0, < 1.5.4"}]}], "descriptions": [{"lang": "en", "value": "Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. This could be sent to the ingress gateway or a sidecar, triggering a null pointer exception which results in a denial of service. This also affects servicemesh-proxy where a null pointer exception flaw was found in servicemesh-proxy. When running Telemetry v2 (not on by default in version 1.4.x), an attacker could send a specially crafted packet to the ingress gateway or proxy sidecar, triggering a denial of service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-02T12:22:15", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10739"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://istio.io/news/security/istio-security-2020-005/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153#diff-fcf2cf5dd389b5285f882ba4a8708633"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-10739", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "istio/envoy", "version": {"version_data": [{"version_value": ">= 1.4.0, < 1.4.9"}, {"version_value": ">= 1.5.0, < 1.5.4"}]}}]}, "vendor_name": "istio.io"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. This could be sent to the ingress gateway or a sidecar, triggering a null pointer exception which results in a denial of service. This also affects servicemesh-proxy where a null pointer exception flaw was found in servicemesh-proxy. When running Telemetry v2 (not on by default in version 1.4.x), an attacker could send a specially crafted packet to the ingress gateway or proxy sidecar, triggering a denial of service."}]}, "impact": {"cvss": [[{"vectorString": "7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-476"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10739", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10739"}, {"name": "https://istio.io/news/security/istio-security-2020-005/", "refsource": "CONFIRM", "url": "https://istio.io/news/security/istio-security-2020-005/"}, {"name": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153#diff-fcf2cf5dd389b5285f882ba4a8708633", "refsource": "MISC", "url": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153#diff-fcf2cf5dd389b5285f882ba4a8708633"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-10739", "datePublished": "2020-06-02T12:22:15", "dateReserved": "2020-03-20T00:00:00", "dateUpdated": "2020-06-02T12:22:15", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", "matchCriteriaId": "11766B73-EF96-44BC-A741-03DE8E93C7BE", "versionEndExcluding": "1.4.9", "versionStartIncluding": "1.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D7A6B12-4FF8-42D5-86AA-70535571BD1E", "versionEndExcluding": "1.5.4", "versionStartIncluding": "1.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. This could be sent to the ingress gateway or a sidecar, triggering a null pointer exception which results in a denial of service. This also affects servicemesh-proxy where a null pointer exception flaw was found in servicemesh-proxy. When running Telemetry v2 (not on by default in version 1.4.x), an attacker could send a specially crafted packet to the ingress gateway or proxy sidecar, triggering a denial of service."}, {"lang": "es", "value": "Istio versiones 1.4.x anteriores a 1.4.9 e Istio versiones 1.5.x anteriores a 1.5.4, contienen la siguiente vulnerabilidad cuando se habilita la telemetry v2: al enviar un paquete especialmente dise\u00f1ado, un atacante podr\u00eda desencadenar una Excepci\u00f3n de Puntero Null resultando en una Denegaci\u00f3n de Servicio. Esto podr\u00eda ser enviado hacia la puerta de enlace de ingreso o un archivo sidecar, desencadenando una excepci\u00f3n de puntero null que resulta en una denegaci\u00f3n de servicio. Esto tambi\u00e9n afecta a servicemesh-proxy donde fue encontrado un fallo de excepci\u00f3n de puntero null en servicemesh-proxy. Cuando se ejecuta Telemetry v2 (no activado por defecto en la versi\u00f3n 1.4.x), un atacante podr\u00eda enviar un paquete especialmente dise\u00f1ado hacia la puerta de enlace de ingreso o al proxy sidecar, desencadenando una denegaci\u00f3n de servicio."}], "id": "CVE-2020-10739", "lastModified": "2023-11-07T03:14:18.780", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2020-06-02T13:15:10.983", "references": [{"source": "secalert@redhat.com", "tags": ["Broken Link", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10739"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153#diff-fcf2cf5dd389b5285f882ba4a8708633"}, {"source": "secalert@redhat.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://istio.io/news/security/istio-security-2020-005/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "secalert@redhat.com", "type": "Secondary"}]}