CVE-2022-31045 HIGH

CVE-2022-31045: Ill-formed headers may lead to unexpected behavior in Istio

Vendor Istio
Product istio
Weakness CWE-125
Published June 9, 2022
Last update April 23, 2025

CVSS base score

7.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

What the vulnerability does

01 Description

Istio is an open platform to connect, manage, and secure microservices. In affected versions, ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access, resulting in undefined behavior or a crash. Users are most likely at risk if they have an Istio ingress Gateway exposed to external traffic. This vulnerability has been resolved in versions 1.12.8, 1.13.5, and 1.14.1. Users are advised to upgrade. There are no known workarounds for this issue.

Key dates

02 Disclosure timeline

June 9, 2022 CVE published
April 23, 2025 Record updated