CVE-2019-12995
HIGH
Istio < 1.2.2 - Denial of Service via JWT Authentication Segmentation Fault
Title source: llm
Description
Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch 0 terminated with an error" in Envoy. This is related to a jwt_authenticator.cc segmentation fault.
References (3)
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://istio.io/about/notes/
Third Party Advisory x_refsource_misc
https://github.com/istio/istio/issues/15084
Third Party Advisory x_refsource_misc
https://github.com/istio/istio.io/pull/4555
Scores
CVSS v3: 7.5
EPSS: 0.0219
EPSS Percentile: 80.2%
Attack Vector: NETWORK
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-476
Status: published
Products (1): istio/istio < 1.2.2
Published: Jun 28, 2019
Tracked Since: Feb 18, 2026