CVE-2019-12995

HIGH

Istio < 1.2.2 - Denial of Service via JWT Authentication Segmentation Fault

Description

Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. This is related to a jwt_authenticator.cc segmentation fault.

References (3)

Core References
Release Notes, Vendor Advisory (x_refsource_misc): https://istio.io/about/notes/
Third Party Advisory (x_refsource_misc): https://github.com/istio/istio/issues/15084
Third Party Advisory (x_refsource_misc): https://github.com/istio/istio.io/pull/4555

Scores

CVSS v3 7.5
EPSS 0.0219
EPSS Percentile 80.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (1)
istio/istio < 1.2.2
Published Jun 28, 2019
Tracked Since Feb 18, 2026