Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a null pointer exception resulting in a denial of service. The packet could be sent to the ingress gateway or to a sidecar; in either case it triggers the null pointer exception that results in the denial of service. The same null pointer exception flaw was found in servicemesh-proxy, which is also affected. When running Telemetry v2 (not on by default in version 1.4.x), an attacker could send a specially crafted packet to the ingress gateway or proxy sidecar, triggering a denial of service.
[
{
"id": "CVE-2020-10739-03c977b6",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "144418771634602675266619924996445000105",
"length": 328.0
},
"target": {
"file": "source/extensions/common/wasm/wasm.cc",
"function": "Context::onDownstreamData"
},
"source": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153"
},
{
"id": "CVE-2020-10739-0cc2daed",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "119401861654085209639537905497552771115",
"length": 446.0
},
"target": {
"file": "source/extensions/common/wasm/wasm.cc",
"function": "Context::onRequestBody"
},
"source": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153"
},
{
"id": "CVE-2020-10739-1356a0cd",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "292372990768365950324484642866959694509",
"length": 230.0
},
"target": {
"file": "source/extensions/common/wasm/wasm.cc",
"function": "Context::onRequestMetadata"
},
"source": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153"
},
{
"id": "CVE-2020-10739-1458bfb0",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "175006914997678037736939362669164344467",
"length": 449.0
},
"target": {
"file": "source/extensions/common/wasm/wasm.cc",
"function": "Context::onResponseBody"
},
"source": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153"
},
{
"id": "CVE-2020-10739-166ce7de",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "100948544781443413269912324761079751725",
"length": 1784.0
},
"target": {
"file": "test/extensions/wasm/wasm_test.cc",
"function": "TEST_P"
},
"source": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153"
},
{
"id": "CVE-2020-10739-1e7c76ce",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "285582764189768012593364682494609597926",
"length": 238.0
},
"target": {
"file": "source/extensions/common/wasm/wasm.cc",
"function": "Context::onResponseTrailers"
},
"source": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153"
},
{
"id": "CVE-2020-10739-2590a6f7",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "328155305425271941194726340624054929958",
"length": 196.0
},
"target": {
"file": "source/extensions/common/wasm/wasm.cc",
"function": "Context::onUpstreamConnectionClose"
},
"source": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153"
},
{
"id": "CVE-2020-10739-287e329b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "142413371051953978010318518277266505230",
"length": 260.0
},
"target": {
"file": "source/extensions/common/wasm/wasm.cc",
"function": "Context::onStart"
},
"source": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153"
},
{
"id": "CVE-2020-10739-2c370400",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "293853330474912094260888753044086776857",
"length": 90.0
},
"target": {
"file": "source/extensions/common/wasm/wasm.cc",
"function": "Context::onLog"
},
"source": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153"
},
{
"id": "CVE-2020-10739-3c81c540",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "320003177995607809135779470478168700342",
"length": 202.0
},
"target": {
"file": "source/extensions/common/wasm/wasm.cc",
"function": "Context::onDownstreamConnectionClose"
},
"source": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153"
},
{
"id": "CVE-2020-10739-4074ef9a",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"229487963732046805401006134730619086679",
"201746524320129204509288921784944374114",
"121678224801768999699882851040779894596",
"90195317435430369512161828531462885935",
"80475174080544647056968308835315615338",
"16518257402151727957917425684438623935",
"39460086010914546348467350681593241988",
"256290862722264980609579949806059372185",
"264910779750008669473267029809515718163",
"287459172578879268878769306669981865752",
"158443016491593236865687549365039789868",
"127848866054052484928717882424947028196",
"129376021707437604914062114309113673798",
"17789418098630878769631936484683977908",
"264339536364621485070644412791850553685",
"257038805493150500485547371698347227488",
"1782158456084156232534229625671462120",
"281204095290916184439318375155011148263",
"291346458753061229235206107772181423007",
"288262888024542106871903771708060316001",
"330645290074450325988604305429257597164",
"137455758781017003278905473807517640498",
"1003665625717136654181391676767911305",
"260647774827107235677030798809033242026",
"119208384788935439528349396389353903916",
"276223332608640986299781113219229819270",
"109516425712183732509326973674792572118",
"338728363847898197038709500519525024732",
"161570372611001466729357046703789341920",
"133383199482441109775072814523400140262",
"42185089738384739236142475522861568956",
"199330581884932268346275067916790837820",
"53855938550033189786337750788792268993",
"79965210284109958565692450387365855017",
"234479000474573836448264123024374108470",
"254298741018658724755117258405148585263",
"244464890093160590730681477023591907553",
"131060112957589932817572435485446358145",
"24584433250297706450876303768725019954",
"155348840853419284968031487773621247111",
"104681328610406419344093443964936814849",
"109073831819973863699338151245555259908",
"249536865748361396287199340982698020672",
"14132225681002848380099217073303709464",
"149994745059662328213964871567992002956",
"19144918959376420759431493412661785244",
"151053836814424218505532295523672343939",
"136176846272358168126640663654553114498",
"145542321229486102072634827753736191725",
"20220889139776773101901092254254086898",
"328505530668940505588011691611691377423",
"107395740716856551328142331067801459246",
"275464874044183268998522449299892280132",
"272293166540362762795304337966075987232",
"185401602834059229540982445327591297790",
"337472478060507409818082232078732879795",
"64953109757020245593244887034503069808",
"304623102775806358946787999767398287931",
"247045618350982966882871927521461155146",
"223907878252227922085044875688200861013",
"111950426341137314370096143447081496442",
"97771006243574595796202023174186353715",
"315831541467536787304830010077947707633"
],
"threshold": 0.9
},
"target": {
"file": "source/extensions/common/wasm/wasm.cc"
},
"source": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153"
},
{
"id": "CVE-2020-10739-493169a4",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"4101917600231838749936092010098574884",
"82256776787673459636664290676749364148",
"133830639277006672250675814183088403597"
],
"threshold": 0.9
},
"target": {
"file": "source/extensions/common/wasm/wasm.h"
},
"source": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153"
},
{
"id": "CVE-2020-10739-4dbad02f",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "312369592459433731794113061395707827011",
"length": 1572.0
},
"target": {
"file": "test/extensions/wasm/wasm_test.cc",
"function": "TEST_P"
},
"source": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153"
},
{
"id": "CVE-2020-10739-4fb2c84f",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "145611263726665230511805826364003329064",
"length": 233.0
},
"target": {
"file": "source/extensions/common/wasm/wasm.cc",
"function": "Context::onResponseMetadata"
},
"source": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153"
},
{
"id": "CVE-2020-10739-625b1e1d",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "272003164781017359961435358495651604664",
"length": 322.0
},
"target": {
"file": "source/extensions/common/wasm/wasm.cc",
"function": "Context::onUpstreamData"
},
"source": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153"
},
{
"id": "CVE-2020-10739-62e03295",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "171301711909469919114414188509995837875",
"length": 93.0
},
"target": {
"file": "source/extensions/common/wasm/wasm.cc",
"function": "Context::onDone"
},
"source": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153"
},
{
"id": "CVE-2020-10739-98bab6d9",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"159754038379105599111581434469798823834",
"106899935835100563931653431324426888692",
"142854688199199751945028568831800903181",
"236657048184413933002384182799839519792",
"98096873453750862276785309815277597490",
"179057625799544371662831883929224755370",
"52984856861645408102799027179347649628",
"37867054659920583653570523795229786101"
],
"threshold": 0.9
},
"target": {
"file": "test/extensions/wasm/wasm_test.cc"
},
"source": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153"
},
{
"id": "CVE-2020-10739-af57cd80",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "283774774090203922496631297024746589755",
"length": 99.0
},
"target": {
"file": "source/extensions/common/wasm/wasm.cc",
"function": "Context::onDelete"
},
"source": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153"
},
{
"id": "CVE-2020-10739-be67d023",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "106287267271398195855363053437578384698",
"length": 268.0
},
"target": {
"file": "source/extensions/common/wasm/wasm.cc",
"function": "Context::onNetworkNewConnection"
},
"source": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153"
},
{
"id": "CVE-2020-10739-e6ef2591",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "22721760173472508881522443803828842964",
"length": 235.0
},
"target": {
"file": "source/extensions/common/wasm/wasm.cc",
"function": "Context::onRequestTrailers"
},
"source": "https://github.com/istio/envoy/commit/8788a3cf255b647fd14e6b5e2585abaaedb28153"
}
]