CVE-2019-25014

{"id": "CVE-2019-25014", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-01-29T06:15:12.883", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919066", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/istio/istio/compare/1.4.2...1.5.0-alpha.0", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application)."}, {"lang": "es", "value": "Se encontr\u00f3 una desreferencia del puntero NULL en el archivo pkg/proxy/envoy/v2/debug.go en la funci\u00f3n getResourceVersion en Istio pilot versiones anteriores a 1.5.0-alpha.0. Si es realizado una petici\u00f3n HTTP GET en particular al endpoint de la API pilot, es posible que el tiempo de ejecuci\u00f3n de Go entre en p\u00e1nico (resultando en una denegaci\u00f3n de servicio para la aplicaci\u00f3n istio-pilot)"}], "lastModified": "2021-02-03T18:25:27.697", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A68E2C21-292A-4EA0-BE70-6825055B709D", "versionEndIncluding": "1.4.9"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "732F14CE-7994-4DD2-A28B-AE9E79826C01"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}