CVE-2020-10739

istio/envoy: crafted packet allows remote attacker to cause denial of service

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. This could be sent to the ingress gateway or a sidecar, triggering a null pointer exception which results in a denial of service. This also affects servicemesh-proxy where a null pointer exception flaw was found in servicemesh-proxy. When running Telemetry v2 (not on by default in version 1.4.x), an attacker could send a specially crafted packet to the ingress gateway or proxy sidecar, triggering a denial of service.

Istio versiones 1.4.x anteriores a 1.4.9 e Istio versiones 1.5.x anteriores a 1.5.4, contienen la siguiente vulnerabilidad cuando se habilita la telemetry v2: al enviar un paquete especialmente diseñado, un atacante podría desencadenar una Excepción de Puntero Null resultando en una Denegación de Servicio. Esto podría ser enviado hacia la puerta de enlace de ingreso o un archivo sidecar, desencadenando una excepción de puntero null que resulta en una denegación de servicio. Esto también afecta a servicemesh-proxy donde fue encontrado un fallo de excepción de puntero null en servicemesh-proxy. Cuando se ejecuta Telemetry v2 (no activado por defecto en la versión 1.4.x), un atacante podría enviar un paquete especialmente diseñado hacia la puerta de enlace de ingreso o al proxy sidecar, desencadenando una denegación de servicio.

A null pointer exception flaw was found in servicemesh-proxy. When running Telemetry v2 (not on by default in version 1.4.x), an attacker could send a specially crafted packet to the ingress gateway or proxy sidecar, triggering a denial of service.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-03-20 CVE Reserved
2020-05-14 CVE Published
2024-04-06 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (5)

URL	Tag	Source
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10739	Broken Link

URL	Date	SRC

URL	Date	SRC
https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153#diff-fcf2cf5dd389b5285f882ba4a8708633	2023-11-07

URL	Date	SRC
https://istio.io/news/security/istio-security-2020-005	2023-11-07
https://access.redhat.com/security/cve/CVE-2020-10739	2020-05-13
https://bugzilla.redhat.com/show_bug.cgi?id=1833184	2020-05-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Istio Search vendor "Istio"		Istio Search vendor "Istio" for product "Istio"				>= 1.4.0 < 1.4.9 Search vendor "Istio" for product "Istio" and version " >= 1.4.0 < 1.4.9"		-		Affected
Istio Search vendor "Istio"		Istio Search vendor "Istio" for product "Istio"				>= 1.5.0 < 1.5.4 Search vendor "Istio" for product "Istio" and version " >= 1.5.0 < 1.5.4"		-		Affected