Search for vulnerabilities
Vulnerability details: VCID-smme-5z7a-aaan
Vulnerability ID VCID-smme-5z7a-aaan
Aliases CVE-2022-24726
Summary CVE-2022-24726 istio: Unauthenticated control plane denial of service attack due to stack exhaustion
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-400 Uncontrolled Resource Consumption
CWE-770 Allocation of Resources Without Limits or Throttling
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2022:1275
rhas Important https://access.redhat.com/errata/RHSA-2022:1276
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24726.json
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00159 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00217 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00389 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
epss 0.00563 https://api.first.org/data/v1/epss?cve=CVE-2022-24726
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=2061638
cvssv3.1 7.5 https://github.com/golang/go/issues/51112
ssvc Track https://github.com/golang/go/issues/51112
cvssv3.1 7.5 https://github.com/istio/istio/commit/6ca5055a4db6695ef5504eabdfde3799f2ea91fd
ssvc Track https://github.com/istio/istio/commit/6ca5055a4db6695ef5504eabdfde3799f2ea91fd
cvssv3.1 7.5 https://github.com/istio/istio/security/advisories/GHSA-8w5h-qr4r-2h6g
ssvc Track https://github.com/istio/istio/security/advisories/GHSA-8w5h-qr4r-2h6g
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2022-24726
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24726
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24726
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24726.json
https://api.first.org/data/v1/epss?cve=CVE-2022-24726
https://github.com/golang/go/issues/51112
https://github.com/istio/istio/commit/6ca5055a4db6695ef5504eabdfde3799f2ea91fd
https://github.com/istio/istio/security/advisories/GHSA-8w5h-qr4r-2h6g
2061638 https://bugzilla.redhat.com/show_bug.cgi?id=2061638
cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*
CVE-2022-24726 https://nvd.nist.gov/vuln/detail/CVE-2022-24726
ISTIO-SECURITY-2022-004 https://istio.io/latest/news/security/ISTIO-SECURITY-2022-004/
RHSA-2022:1275 https://access.redhat.com/errata/RHSA-2022:1275
RHSA-2022:1276 https://access.redhat.com/errata/RHSA-2022:1276
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24726.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/golang/go/issues/51112
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/ Found at https://github.com/golang/go/issues/51112
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/istio/istio/commit/6ca5055a4db6695ef5504eabdfde3799f2ea91fd
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/ Found at https://github.com/istio/istio/commit/6ca5055a4db6695ef5504eabdfde3799f2ea91fd
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/istio/istio/security/advisories/GHSA-8w5h-qr4r-2h6g
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/ Found at https://github.com/istio/istio/security/advisories/GHSA-8w5h-qr4r-2h6g
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24726
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24726
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24726
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.27511
EPSS Score 0.00118
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.