rhsa-2022_1275
Vulnerability from csaf_redhat
Published: 2022-04-07 18:06
Modified: 2024-11-06 00:39
Summary: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.2 security update
Notes
Topic
Red Hat OpenShift Service Mesh 2.1.2
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
This advisory covers the RPM packages for the release.
Security Fix(es):
* envoy: Incorrect configuration handling allows mTLS session re-use without re-validation (CVE-2022-21654)
* envoy: Incorrect handling of internal redirects to routes with a direct response entry (CVE-2022-21655)
* istio: Unauthenticated control plane denial of service attack due to stack exhaustion (CVE-2022-24726)
* envoy: Null pointer dereference when using JWT filter safe_regex match (CVE-2021-43824)
* envoy: Use-after-free when response filters increase response data (CVE-2021-43825)
* envoy: Use-after-free when tunneling TCP over HTTP (CVE-2021-43826)
* envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service (CVE-2022-23606)
* istio: unauthenticated control plane denial of service attack (CVE-2022-23635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Service Mesh 2.1.2\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service\nmesh project, tailored for installation into an on-premise OpenShift Container\nPlatform installation.\n\nThis advisory covers the RPM packages for the release.\n\nSecurity Fix(es):\n\n* envoy: Incorrect configuration handling allows mTLS session re-use without re-validation (CVE-2022-21654)\n\n* envoy: Incorrect handling of internal redirects to routes with a direct response entry (CVE-2022-21655)\n\n* istio: Unauthenticated control plane denial of service attack due to stack exhaustion (CVE-2022-24726)\n\n* envoy: Null pointer dereference when using JWT filter safe_regex match (CVE-2021-43824)\n\n* envoy: Use-after-free when response filters increase response data (CVE-2021-43825)\n\n* envoy: Use-after-free when tunneling TCP over HTTP (CVE-2021-43826)\n\n* envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service (CVE-2022-23606)\n\n* istio: unauthenticated control plane denial of service attack (CVE-2022-23635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References 
section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:1275", "url": "https://access.redhat.com/errata/RHSA-2022:1275" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2050744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050744" }, { "category": "external", "summary": "2050746", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050746" }, { "category": "external", "summary": "2050748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050748" }, { "category": "external", "summary": "2050753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050753" }, { "category": "external", "summary": "2050757", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050757" }, { "category": "external", "summary": "2050758", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050758" }, { "category": "external", "summary": "2057277", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057277" }, { "category": "external", "summary": "2061638", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061638" }, { "category": "external", "summary": 
"OSSM-1074", "url": "https://issues.redhat.com/browse/OSSM-1074" }, { "category": "external", "summary": "OSSM-1234", "url": "https://issues.redhat.com/browse/OSSM-1234" }, { "category": "external", "summary": "OSSM-303", "url": "https://issues.redhat.com/browse/OSSM-303" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1275.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.2 security update", "tracking": { "current_release_date": "2024-11-06T00:39:36+00:00", "generator": { "date": "2024-11-06T00:39:36+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2022:1275", "initial_release_date": "2022-04-07T18:06:45+00:00", "revision_history": [ { "date": "2022-04-07T18:06:45+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-04-07T18:06:45+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:39:36+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Service Mesh 2.1", "product": { "name": "OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:service_mesh:2.1::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Service Mesh" }, { "branches": [ { "category": "product_version", "name": "servicemesh-operator-0:2.1.2-4.el8.src", "product": { "name": "servicemesh-operator-0:2.1.2-4.el8.src", "product_id": "servicemesh-operator-0:2.1.2-4.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-operator@2.1.2-4.el8?arch=src" } } }, { "category": "product_version", "name": "servicemesh-0:2.1.2-4.el8.src", "product": { "name": "servicemesh-0:2.1.2-4.el8.src", "product_id": "servicemesh-0:2.1.2-4.el8.src", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh@2.1.2-4.el8?arch=src" } } }, { "category": "product_version", "name": "servicemesh-ratelimit-0:2.1.2-4.el8.src", "product": { "name": "servicemesh-ratelimit-0:2.1.2-4.el8.src", "product_id": "servicemesh-ratelimit-0:2.1.2-4.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-ratelimit@2.1.2-4.el8?arch=src" } } }, { "category": "product_version", "name": "servicemesh-prometheus-0:2.23.0-5.el8.src", "product": { "name": "servicemesh-prometheus-0:2.23.0-5.el8.src", "product_id": "servicemesh-prometheus-0:2.23.0-5.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-prometheus@2.23.0-5.el8?arch=src" } } }, { "category": "product_version", "name": "servicemesh-proxy-0:2.1.2-4.el8.src", "product": { "name": "servicemesh-proxy-0:2.1.2-4.el8.src", "product_id": "servicemesh-proxy-0:2.1.2-4.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy@2.1.2-4.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "servicemesh-operator-0:2.1.2-4.el8.x86_64", "product": { "name": "servicemesh-operator-0:2.1.2-4.el8.x86_64", "product_id": "servicemesh-operator-0:2.1.2-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-operator@2.1.2-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-0:2.1.2-4.el8.x86_64", "product": { "name": "servicemesh-0:2.1.2-4.el8.x86_64", "product_id": "servicemesh-0:2.1.2-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh@2.1.2-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-cni-0:2.1.2-4.el8.x86_64", "product": { "name": "servicemesh-cni-0:2.1.2-4.el8.x86_64", "product_id": "servicemesh-cni-0:2.1.2-4.el8.x86_64", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/servicemesh-cni@2.1.2-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "product": { "name": "servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "product_id": "servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-pilot-agent@2.1.2-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "product": { "name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "product_id": "servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-pilot-discovery@2.1.2-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-ratelimit-0:2.1.2-4.el8.x86_64", "product": { "name": "servicemesh-ratelimit-0:2.1.2-4.el8.x86_64", "product_id": "servicemesh-ratelimit-0:2.1.2-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-ratelimit@2.1.2-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "product": { "name": "servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "product_id": "servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-prometheus@2.23.0-5.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-proxy-0:2.1.2-4.el8.x86_64", "product": { "name": "servicemesh-proxy-0:2.1.2-4.el8.x86_64", "product_id": "servicemesh-proxy-0:2.1.2-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy@2.1.2-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "product": { "name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "product_id": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "product_identification_helper": { 
"purl": "pkg:rpm/redhat/servicemesh-proxy-debugsource@2.1.2-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "product": { "name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "product_id": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy-debuginfo@2.1.2-4.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "servicemesh-operator-0:2.1.2-4.el8.ppc64le", "product": { "name": "servicemesh-operator-0:2.1.2-4.el8.ppc64le", "product_id": "servicemesh-operator-0:2.1.2-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-operator@2.1.2-4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-0:2.1.2-4.el8.ppc64le", "product": { "name": "servicemesh-0:2.1.2-4.el8.ppc64le", "product_id": "servicemesh-0:2.1.2-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh@2.1.2-4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-cni-0:2.1.2-4.el8.ppc64le", "product": { "name": "servicemesh-cni-0:2.1.2-4.el8.ppc64le", "product_id": "servicemesh-cni-0:2.1.2-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-cni@2.1.2-4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "product": { "name": "servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "product_id": "servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-pilot-agent@2.1.2-4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "product": { "name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "product_id": 
"servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-pilot-discovery@2.1.2-4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "product": { "name": "servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "product_id": "servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-ratelimit@2.1.2-4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "product": { "name": "servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "product_id": "servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-prometheus@2.23.0-5.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "product": { "name": "servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "product_id": "servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy@2.1.2-4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "product": { "name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "product_id": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy-debugsource@2.1.2-4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "product": { "name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "product_id": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy-debuginfo@2.1.2-4.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": 
"servicemesh-operator-0:2.1.2-4.el8.s390x", "product": { "name": "servicemesh-operator-0:2.1.2-4.el8.s390x", "product_id": "servicemesh-operator-0:2.1.2-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-operator@2.1.2-4.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-0:2.1.2-4.el8.s390x", "product": { "name": "servicemesh-0:2.1.2-4.el8.s390x", "product_id": "servicemesh-0:2.1.2-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh@2.1.2-4.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-cni-0:2.1.2-4.el8.s390x", "product": { "name": "servicemesh-cni-0:2.1.2-4.el8.s390x", "product_id": "servicemesh-cni-0:2.1.2-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-cni@2.1.2-4.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "product": { "name": "servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "product_id": "servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-pilot-agent@2.1.2-4.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "product": { "name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "product_id": "servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-pilot-discovery@2.1.2-4.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "product": { "name": "servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "product_id": "servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-ratelimit@2.1.2-4.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-prometheus-0:2.23.0-5.el8.s390x", "product": { "name": 
"servicemesh-prometheus-0:2.23.0-5.el8.s390x", "product_id": "servicemesh-prometheus-0:2.23.0-5.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-prometheus@2.23.0-5.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-proxy-0:2.1.2-4.el8.s390x", "product": { "name": "servicemesh-proxy-0:2.1.2-4.el8.s390x", "product_id": "servicemesh-proxy-0:2.1.2-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy@2.1.2-4.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "product": { "name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "product_id": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy-debugsource@2.1.2-4.el8?arch=s390x" } } }, { "category": "product_version", "name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "product": { "name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "product_id": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy-debuginfo@2.1.2-4.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch", "product": { "name": "servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch", "product_id": "servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/servicemesh-proxy-wasm@2.1.2-4.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "servicemesh-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le" }, "product_reference": 
"servicemesh-0:2.1.2-4.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x" }, "product_reference": "servicemesh-0:2.1.2-4.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-0:2.1.2-4.el8.src as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src" }, "product_reference": "servicemesh-0:2.1.2-4.el8.src", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64" }, "product_reference": "servicemesh-0:2.1.2-4.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-cni-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le" }, "product_reference": "servicemesh-cni-0:2.1.2-4.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-cni-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x" }, "product_reference": "servicemesh-cni-0:2.1.2-4.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-cni-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64" }, "product_reference": 
"servicemesh-cni-0:2.1.2-4.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-operator-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le" }, "product_reference": "servicemesh-operator-0:2.1.2-4.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-operator-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x" }, "product_reference": "servicemesh-operator-0:2.1.2-4.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-operator-0:2.1.2-4.el8.src as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src" }, "product_reference": "servicemesh-operator-0:2.1.2-4.el8.src", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-operator-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64" }, "product_reference": "servicemesh-operator-0:2.1.2-4.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le" }, "product_reference": "servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-pilot-agent-0:2.1.2-4.el8.s390x as a component of 
OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x" }, "product_reference": "servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64" }, "product_reference": "servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le" }, "product_reference": "servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x" }, "product_reference": "servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64" }, "product_reference": "servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-prometheus-0:2.23.0-5.el8.ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le" }, "product_reference": 
"servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-prometheus-0:2.23.0-5.el8.s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x" }, "product_reference": "servicemesh-prometheus-0:2.23.0-5.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-prometheus-0:2.23.0-5.el8.src as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src" }, "product_reference": "servicemesh-prometheus-0:2.23.0-5.el8.src", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-prometheus-0:2.23.0-5.el8.x86_64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64" }, "product_reference": "servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le" }, "product_reference": "servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x" }, "product_reference": "servicemesh-proxy-0:2.1.2-4.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-0:2.1.2-4.el8.src as a component of OpenShift 
Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src" }, "product_reference": "servicemesh-proxy-0:2.1.2-4.el8.src", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64" }, "product_reference": "servicemesh-proxy-0:2.1.2-4.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le" }, "product_reference": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x" }, "product_reference": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64" }, "product_reference": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le" }, "product_reference": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", 
"relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x" }, "product_reference": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64" }, "product_reference": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" }, "product_reference": "servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le" }, "product_reference": "servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-ratelimit-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x" }, "product_reference": "servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-ratelimit-0:2.1.2-4.el8.src as a 
component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src" }, "product_reference": "servicemesh-ratelimit-0:2.1.2-4.el8.src", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "servicemesh-ratelimit-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" }, "product_reference": "servicemesh-ratelimit-0:2.1.2-4.el8.x86_64", "relates_to_product_reference": "8Base-OSSM-2.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-43824", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2022-02-03T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", 
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050744" } ], "notes": [ { "category": "description", "text": "A flaw was found in envoy. A crafted request can potentially trigger a NULL pointer dereference when using a JWT filter safe_regex match.", "title": "Vulnerability description" }, { "category": "summary", "text": "envoy: Null pointer dereference when using JWT filter safe_regex match", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "known_not_affected": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", 
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43824" }, { "category": "external", "summary": "RHBZ#2050744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050744" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43824", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43824" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43824", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43824" }, { "category": "external", "summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p", "url": 
"https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p" } ], "release_date": "2022-02-22T07:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:06:45+00:00", "details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", 
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "envoy: Null pointer dereference when using JWT filter safe_regex match" }, { "cve": "CVE-2021-43825", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-02-03T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", 
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050746" } ], "notes": [ { "category": "description", "text": "A flaw was found in envoy. If the amount of buffered data by envoy goes over the limit, the buffer may overflow while a response is being processed by the filter chain. This issue possibly causes the operation to abort incorrectly, resulting in the access of a freed memory block.", "title": "Vulnerability description" }, { "category": "summary", "text": "envoy: Use-after-free when response filters increase response data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "known_not_affected": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", 
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43825" }, { "category": "external", "summary": "RHBZ#2050746", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050746" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43825", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43825" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43825", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43825" }, { "category": "external", "summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh", "url": 
"https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh" } ], "release_date": "2022-02-22T07:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:06:45+00:00", "details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", 
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "envoy: Use-after-free when response filters increase response data" }, { "cve": "CVE-2021-43826", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-02-03T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", 
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050748" } ], "notes": [ { "category": "description", "text": "A flaw was found in envoy. If a downstream source disconnects during upstream connection establishment when tunneling TCP over HTTP, a use-after-free can occur, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "envoy: Use-after-free when tunneling TCP over HTTP", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "known_not_affected": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", 
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43826" }, { "category": "external", "summary": "RHBZ#2050748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050748" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43826", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43826" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43826", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43826" }, { "category": "external", "summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf", "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf" } ], "release_date": 
"2022-02-22T07:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:06:45+00:00", "details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", 
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "envoy: Use-after-free when tunneling TCP over HTTP" }, { "cve": "CVE-2022-21654", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "discovery_date": "2022-02-03T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", 
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050753" } ], "notes": [ { "category": "description", "text": "A flaw was found in envoy. When certificate validation settings are changed, incorrect configuration handling allows TLS session reuse without revalidation.", "title": "Vulnerability description" }, { "category": "summary", "text": "envoy: Incorrect configuration handling allows mTLS session re-use without re-validation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "known_not_affected": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", 
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21654" }, { "category": "external", "summary": "RHBZ#2050753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050753" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21654", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21654" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21654", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21654" }, { "category": "external", "summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283", "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283" } ], "release_date": 
"2022-02-22T07:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:06:45+00:00", "details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", 
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "envoy: Incorrect configuration handling allows mTLS session re-use without re-validation" }, { "cve": "CVE-2022-21655", "cwe": { "id": "CWE-670", "name": "Always-Incorrect Control Flow Implementation" }, "discovery_date": "2022-02-03T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", 
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050757" } ], "notes": [ { "category": "description", "text": "A flaw was found in envoy. Due to incorrect handling of the common router, a segfault is possible when internal redirects go to routes with a direct response entry.", "title": "Vulnerability description" }, { "category": "summary", "text": "envoy: Incorrect handling of internal redirects to routes with a direct response entry", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "known_not_affected": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", 
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21655" }, { "category": "external", "summary": "RHBZ#2050757", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050757" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21655", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21655" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21655", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21655" }, { "category": "external", "summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg", "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg" } ], "release_date": 
"2022-02-22T07:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:06:45+00:00", "details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", 
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "envoy: Incorrect handling of internal redirects to routes with a direct response entry" }, { "cve": "CVE-2022-23606", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-03T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", 
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2050758" } ], "notes": [ { "category": "description", "text": "A flaw was found in envoy. When a cluster is deleted via the Cluster Discovery Service, a stack exhaustion may occur.", "title": "Vulnerability description" }, { "category": "summary", "text": "envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "known_not_affected": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", 
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23606" }, { "category": "external", "summary": "RHBZ#2050758", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050758" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23606", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23606" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23606", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23606" }, { "category": "external", "summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf", "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf" } ], "release_date": "2022-02-22T07:00:00+00:00", "remediations": [ { 
"category": "vendor_fix", "date": "2022-04-07T18:06:45+00:00", "details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", 
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service" }, { "cve": "CVE-2022-23635", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2022-02-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] } ], 
"ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2057277" } ], "notes": [ { "category": "description", "text": "A flaw was found in istio. This flaw allows an attacker to send a specially crafted message to isitiod, causing the control plane to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "istio: unauthenticated control plane denial of service attack", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64" ], "known_not_affected": [ "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", 
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23635" }, { "category": "external", "summary": "RHBZ#2057277", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057277" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23635", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23635" }, { "category": "external", "summary": "https://istio.io/latest/news/security/istio-security-2022-003", "url": "https://istio.io/latest/news/security/istio-security-2022-003" } ], "release_date": "2022-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:06:45+00:00", "details": "The OpenShift Service Mesh Release Notes provide information on the features and known 
issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", 
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "istio: unauthenticated control plane denial of service attack" }, { "acknowledgments": [ { "names": [ "Oliver Liu, John Howard and Jacob Delgado" ], "organization": "Istio Product Security Working Group", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-24726", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-08T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch", 
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2061638" } ], "notes": [ { "category": "description", "text": "A stack exhaustion flaw was found in the Istio control plane. This flaw allows a remote unauthenticated attacker to send a specially crafted or oversized message to crash the control plane process, resulting in a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "istio: Unauthenticated control plane denial of service attack due to stack exhaustion", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64" ], "known_not_affected": [ "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le", 
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src", "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24726" }, { "category": "external", "summary": "RHBZ#2061638", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061638" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24726", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24726" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24726", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24726" }, { "category": "external", "summary": 
"https://istio.io/latest/news/security/istio-security-2022-004/", "url": "https://istio.io/latest/news/security/istio-security-2022-004/" } ], "release_date": "2022-03-09T20:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-07T18:06:45+00:00", "details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", "product_ids": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1275" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src", "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64", 
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x", "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "istio: Unauthenticated control plane denial of service attack due to stack exhaustion" } ] }