CVE-2019-25014 in Istio and Red Hat Products
Published on January 29, 2021
A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application).
Products Associated with CVE-2019-25014
Istio and Red Hat OpenShift Service Mesh.
Exploit Probability
EPSS: 0.15%
Percentile: 36.11%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.