Envoy before version 1.18.0, and subsequently Istio before version 1.9.3, contains a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
Envoy before version 1.18.0, and subsequently Istio before version 1.9.3, contains a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
https://istio.io/latest/news/security/istio-security-2021-003/ https://github.com/envoyproxy/envoy/commit/35783a5559f5e883533fdbe7b913dd63d4dc772e