Vulnerabilities > CVE-2019-12995 - NULL Pointer Dereference vulnerability in Istio

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
istio
CWE-476
NVD
Published: 2019-06-28
Updated: 2020-08-24

Summary

Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. This is related to a jwt_authenticator.cc segmentation fault.

Vulnerable Configurations

Part Description Count
Application
Istio
86

Common Weakness Enumeration (CWE)

References