U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): istio
  • Search Type: Search All
  • CPE Name Search: false
There are 24 matching records.
Displaying matches 21 through 24.
Vuln ID Summary CVSS Severity
CVE-2019-18817

Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836.

Published: November 12, 2019; 9:15:11 AM -0500 		V3.1: 7.5 HIGH
 V2.0: 5.0 MEDIUM
CVE-2019-14993

Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API.

Published: August 13, 2019; 2:15:13 PM -0400 		V3.0: 7.5 HIGH
 V2.0: 5.0 MEDIUM
CVE-2019-12995

Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. This is related to a jwt_authenticator.cc segmentation fault.

Published: June 28, 2019; 6:15:11 AM -0400 		V3.0: 7.5 HIGH
 V2.0: 5.0 MEDIUM
CVE-2019-12243

Istio 1.1.x through 1.1.6 has Incorrect Access Control.

Published: June 05, 2019; 11:29:01 AM -0400 		V3.0: 7.5 HIGH
 V2.0: 5.4 MEDIUM