Attackers can launch denial-of-service (DoS) attacks that force Envoy proxies to accept an excessive number of connections, which may exhaust system file descriptors. This topic lists the versions of Istio that contain the vulnerability and provides solutions.
For more information, see ISTIO-SECURITY-2020-007.
Affected versions:
- Istio 1.5.x: 1.5.0 to 1.5.6
- Istio 1.6.x: 1.6.0 to 1.6.3
Solutions:
- If you use Istio 1.5.x, update the Istio version to 1.5.7 or later.
- If you use Istio 1.6.x, update the Istio version to 1.6.4 or later.
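
The following shell function is an added example, not part of the original advisory or of Istio itself. It classifies a version string against the ranges listed above, comparing the patch number numerically so that, for example, 1.5.10 is not mistaken for an affected release. The function name, the tolerance for a leading `v` or a build suffix, and the sample version list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify an Istio version against the ranges in this advisory.
# Prints "affected <minimum fixed version>", "fixed", "not-listed" or "invalid".
# istio_2020_007_status is a hypothetical helper name, not an Istio command.
istio_2020_007_status() {
    ver=${1#v}              # assumption: tolerate a leading "v"
    ver=${ver%%[-+]*}       # assumption: ignore a build suffix such as "-distroless"
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver             # split MAJOR.MINOR.PATCH on dots
    IFS=$old_ifs
    if [ $# -ne 3 ]; then echo invalid; return 0; fi
    major=$1 minor=$2 patch=$3
    if [ "$major" -eq 1 ] && [ "$minor" -eq 5 ]; then
        # 1.5.0 to 1.5.6 are affected; 1.5.7 or later carries the fix
        if [ "$patch" -le 6 ]; then echo "affected 1.5.7"; else echo fixed; fi
    elif [ "$major" -eq 1 ] && [ "$minor" -eq 6 ]; then
        # 1.6.0 to 1.6.3 are affected; 1.6.4 or later carries the fix
        if [ "$patch" -le 3 ]; then echo "affected 1.6.4"; else echo fixed; fi
    else
        # The advisory text above only covers the 1.5.x and 1.6.x lines
        echo not-listed
    fi
}

# Constructed sample inventory (not real cluster data)
for v in 1.5.6 1.5.10 v1.6.3 1.6.4 1.4.9; do
    printf '%s\t%s\n' "$v" "$(istio_2020_007_status "$v")"
done
```

A result of `not-listed` means only that the version falls outside the 1.5.x and 1.6.x lines covered here; consult ISTIO-SECURITY-2020-007 for such releases.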