Attackers can send specially crafted packets to an Alibaba Cloud Service Mesh (ASM) instance to increase that instance's memory usage. This topic lists the versions of Istio that contain the vulnerability and provides solutions.

For more information, see ISTIO-SECURITY-2020-007.

Affected versions

The following versions of Istio contain the vulnerability:
  • Istio 1.5.x: 1.5.0 to 1.5.6
  • Istio 1.6.x: 1.6.0 to 1.6.3

Solutions

  • If you use Istio 1.5.x, update the Istio version to 1.5.7 or later.
  • If you use Istio 1.6.x, update the Istio version to 1.6.4 or later.