Attackers can launch Denial-of-Service (DoS) attacks to force Envoy proxies to accept excessive connections, which may exhaust system file descriptors. This topic lists versions of Istio that contain the vulnerability and provides solutions.

For more information, see ISTIO-SECURITY-2020-007.

Affected versions

The following versions of Istio contain the vulnerability:
  • Istio 1.5.x: 1.5.0 to 1.5.6
  • Istio 1.6.x: 1.6.0 to 1.6.3


  • If you use Istio 1.5.x, update the Istio version to 1.5.7 or later.
  • If you use Istio 1.6.x, update the Istio version to 1.6.4 or later.