CVE-2022-31045

ULN >
Oracle Linux CVE repository >
CVE-2022-31045

CVE Details

Release Date:

2022-06-09

Description

Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress Gateway exposed to external traffic. This vulnerability has been resolved in versions 1.12.8, 1.13.5, and 1.14.1. Users are advised to upgrade. There are no known workarounds for this issue.

See more information about CVE-2022-31045 from MITRE CVE dictionary and NIST NVD

CVSS v3.0 metrics

NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.

Base Score:	9.8	Base Metrics:	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Access Vector:	Network	Attack Complexity:	Low
Privileges Required:	None	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	High
Integrity Impact:	High	Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 7 (cri-o)	ELSA-2022-9589	2022-07-12
Oracle Linux version 7 (cri-tools)	ELSA-2022-9589	2022-07-12
Oracle Linux version 7 (etcd)	ELSA-2022-9589	2022-07-12
Oracle Linux version 7 (istio)	ELSA-2022-9587	2022-07-11
Oracle Linux version 7 (istio)	ELSA-2022-9589	2022-07-12
Oracle Linux version 7 (istio)	ELSA-2022-9772	2022-09-08
Oracle Linux version 7 (istio)	ELSA-2022-9774	2022-09-08
Oracle Linux version 7 (kata)	ELSA-2022-9589	2022-07-12
Oracle Linux version 7 (kubernetes)	ELSA-2022-9589	2022-07-12
Oracle Linux version 7 (olcne)	ELSA-2022-9587	2022-07-11
Oracle Linux version 7 (olcne)	ELSA-2022-9589	2022-07-12
Oracle Linux version 7 (olcne)	ELSA-2022-9772	2022-09-08
Oracle Linux version 7 (olcne)	ELSA-2022-9774	2022-09-08
Oracle Linux version 8 (cri-o)	ELSA-2022-9588	2022-07-12
Oracle Linux version 8 (cri-tools)	ELSA-2022-9588	2022-07-12
Oracle Linux version 8 (etcd)	ELSA-2022-9588	2022-07-12
Oracle Linux version 8 (istio)	ELSA-2022-9586	2022-07-11
Oracle Linux version 8 (istio)	ELSA-2022-9588	2022-07-12
Oracle Linux version 8 (istio)	ELSA-2022-9771	2022-09-08
Oracle Linux version 8 (istio)	ELSA-2022-9773	2022-09-08
Oracle Linux version 8 (kata)	ELSA-2022-9588	2022-07-12
Oracle Linux version 8 (kubernetes)	ELSA-2022-9588	2022-07-12
Oracle Linux version 8 (olcne)	ELSA-2022-9586	2022-07-11
Oracle Linux version 8 (olcne)	ELSA-2022-9588	2022-07-12
Oracle Linux version 8 (olcne)	ELSA-2022-9771	2022-09-08
Oracle Linux version 8 (olcne)	ELSA-2022-9773	2022-09-08

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691