{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T07:03:13.903","vulnerabilities":[{"cve":{"id":"CVE-2020-10739","sourceIdentifier":"secalert@redhat.com","published":"2020-06-02T13:15:10.983","lastModified":"2024-11-21T04:55:58.273","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. This could be sent to the ingress gateway or a sidecar, triggering a null pointer exception which results in a denial of service. This also affects servicemesh-proxy where a null pointer exception flaw was found in servicemesh-proxy. When running Telemetry v2 (not on by default in version 1.4.x), an attacker could send a specially crafted packet to the ingress gateway or proxy sidecar, triggering a denial of service."},{"lang":"es","value":"Istio versiones 1.4.x anteriores a 1.4.9 e Istio versiones 1.5.x anteriores a 1.5.4, contienen la siguiente vulnerabilidad cuando se habilita la telemetry v2: al enviar un paquete especialmente diseñado, un atacante podría desencadenar una Excepción de Puntero Null resultando en una Denegación de Servicio. Esto podría ser enviado hacia la puerta de enlace de ingreso o un archivo sidecar, desencadenando una excepción de puntero null que resulta en una denegación de servicio. Esto también afecta a servicemesh-proxy donde fue encontrado un fallo de excepción de puntero null en servicemesh-proxy. Cuando se ejecuta Telemetry v2 (no activado por defecto en la versión 1.4.x), un atacante podría enviar un paquete especialmente diseñado hacia la puerta de enlace de ingreso o al proxy sidecar, desencadenando una denegación de servicio."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*","versionStartIncluding":"1.4.0","versionEndExcluding":"1.4.9","matchCriteriaId":"11766B73-EF96-44BC-A741-03DE8E93C7BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*","versionStartIncluding":"1.5.0","versionEndExcluding":"1.5.4","matchCriteriaId":"5D7A6B12-4FF8-42D5-86AA-70535571BD1E"}]}]}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10739","source":"secalert@redhat.com","tags":["Broken Link","Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153#diff-fcf2cf5dd389b5285f882ba4a8708633","source":"secalert@redhat.com","tags":["Patch","Third Party Advisory"]},{"url":"https://istio.io/news/security/istio-security-2020-005/","source":"secalert@redhat.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10739","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153#diff-fcf2cf5dd389b5285f882ba4a8708633","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://istio.io/news/security/istio-security-2020-005/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}}]}