| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| istio.io/istio | go | < 1.1.13 | 1.1.13 |
| istio.io/istio | go | >= 1.2.0, < 1.2.4 | 1.2.4 |

The vulnerability stems from `std::regex`'s recursive implementation in GCC (CVE-2019-14993) causing stack overflows. Istio's affected components (JWT, VirtualService) use Envoy's regex matching for routing and policy enforcement. The identified functions handle regex processing at the core of these features. Envoy's `RouteMatcher` and `StdRegexMatcher` directly interact with vulnerable regex implementations, while JWT filter functions process regex patterns for claims validation. These functions would appear in stack traces during exploitation attempts with long URIs triggering excessive recursion.
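
A defender's check built from the table and paragraph above, as an added example (not code from Istio or from this advisory): it tests an Istio version against the two vulnerable ranges and lists every `regex` string matcher in a resource exported as JSON. The function names and the sample VirtualService are constructed for illustration, and the walk assumes matchers appear under a `regex` key.

```python
import json
import re

def parse_version(text):
    """Parse a plain x.y.z version (optional leading 'v'); reject anything else."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def is_vulnerable(version):
    """Ranges from the advisory table: < 1.1.13, and >= 1.2.0, < 1.2.4."""
    v = parse_version(version)
    return v < (1, 1, 13) or (1, 2, 0) <= v < (1, 2, 4)

def find_regex_matchers(obj, path=""):
    """Yield (path, pattern) for every string stored under a 'regex' key."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            here = f"{path}.{key}" if path else key
            if key == "regex" and isinstance(value, str):
                yield here, value
            else:
                yield from find_regex_matchers(value, here)
    elif isinstance(obj, list):
        for i, item in enumerate(obj):
            yield from find_regex_matchers(item, f"{path}[{i}]")

def audit(version, resource):
    """Regex matchers that reach the affected code path; [] on a patched version."""
    if not is_vulnerable(version):
        return []
    return list(find_regex_matchers(resource))

# Constructed sample, shaped like `kubectl get virtualservice -o json` output.
SAMPLE_VS = json.loads("""
{"kind": "VirtualService", "metadata": {"name": "reviews"},
 "spec": {"http": [
   {"match": [{"uri": {"regex": "^/api/v[0-9]+/.*"}},
              {"headers": {"user-agent": {"regex": ".*Mobile.*"}}}]},
   {"match": [{"uri": {"prefix": "/static"}}]}]}}
""")

if __name__ == "__main__":
    for where, pattern in audit("1.2.3", SAMPLE_VS):
        print(f"{where}: {pattern}")
```
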