ByteOS Network

NVD Vulnerability Details :

CVE-2022-31077

Analyzed

Source-security-advisories@github.com

Published At-27 Jun, 2022 | 21:15

Updated At-11 Jul, 2022 | 14:28

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a consequence, the CSI Driver controller will be in denial of service. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. At the time of writing, no workaround exists.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.7	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Secondary	3.1	4.0	MEDIUM	CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
Primary	2.0	3.5	LOW	AV:N/AC:M/Au:S/C:N/I:N/A:P

CPE Matches

The Linux Foundation

>>kubeedge>>Versions before 1.9.3(exclusive)

cpe:2.3:a:linuxfoundation:kubeedge:*:*:*:*:*:*:*:*

The Linux Foundation

>>kubeedge>>1.10.0

cpe:2.3:a:linuxfoundation:kubeedge:1.10.0:-:*:*:*:*:*:*

The Linux Foundation

>>kubeedge>>1.10.0

cpe:2.3:a:linuxfoundation:kubeedge:1.10.0:beta0:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-476	Primary	security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/kubeedge/kubeedge/pull/3899	security-advisories@github.com	Patch Third Party Advisory
https://github.com/kubeedge/kubeedge/pull/3899/commits/5d60ae9eabd6b6b7afe38758e19bbe8137664701	security-advisories@github.com	Patch Third Party Advisory
https://github.com/kubeedge/kubeedge/security/advisories/GHSA-x938-fvfw-7jh5	security-advisories@github.com	Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History