A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application).
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1919066 | Issue Tracking Patch Third Party Advisory |
https://github.com/istio/istio/compare/1.4.2...1.5.0-alpha.0 | Third Party Advisory |
Configurations
History
03 Feb 2021, 18:25
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-476 | |
References | (MISC) https://github.com/istio/istio/compare/1.4.2...1.5.0-alpha.0 - Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1919066 - Issue Tracking, Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 6.5 |
CPE | cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:* |
29 Jan 2021, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-29 06:15
Updated : 2023-12-10 13:41
NVD link : CVE-2019-25014
Mitre link : CVE-2019-25014
CVE.ORG link : CVE-2019-25014
JSON object : View
Products Affected
redhat
- openshift_service_mesh
istio
- istio
CWE
CWE-476
NULL Pointer Dereference