Lucene search
K
LinuxfoundationKubeedge

8 matches found

CVE
CVE
added 2022/07/11 8:55 p.m.584 views

CVE-2022-31080

KubeEdge’s Websocket Client (Viaduct) in versions prior to 1.11.1, 1.10.2, and 1.9.4 is vulnerable to a DoS through memory exhaustion. The issue arises when a large response is read fully into memory, allowing an attacker to trigger a request that returns a large body and exhausts memory, potenti...

6.5CVSS5.3AI score0.00672EPSS
CVE
CVE
added 2022/07/11 8:25 p.m.522 views

CVE-2022-31078

KubeEdge CloudCore Router memory exhaustion DoS vulnerability (CVE-2022-31078) affects pre-1.11.1, pre-1.10.2, and pre-1.9.4 releases. The REST handler’s HTTP response size is not limited, allowing an authenticated cloud user to trigger a large response that exhausts memory and causes CloudCore d...

6.5CVSS5.2AI score0.00652EPSS
CVE
CVE
added 2022/07/11 8:10 p.m.102 views

CVE-2022-31074

CVE-2022-31074 affects KubeEdge Cloud AdmissionController. Several endpoints may be exploited to cause a DoS by sending an HTTP request with a very large body, exhausting the controller and causing denial of service. The issue is fixed in KubeEdge releases 1.11.1, 1.10.2, and 1.9.4; upgrading to ...

6.5CVSS5.3AI score0.00763EPSS
CVE
CVE
added 2022/07/11 8:5 p.m.97 views

CVE-2022-31073

Summary of CVE-2022-31073 (KubeEdge) : The DoS vulnerability affects the edge-side ServiceBus server in KubeEdge. If the ServiceBus module is enabled (edgecore.yaml) and a very large HTTP body is sent to the edge node, memory exhaustion can occur, potentially starving other containers on the node...

7.5CVSS6.8AI score0.01556EPSS
CVE
CVE
added 2022/07/11 8:15 p.m.94 views

CVE-2022-31075

CVE-2022-31075 affects KubeEdge EdgeCore when the CloudHub module is enabled. A maliciously crafted HTTP request to /edge.crt with a very large body can exhaust memory and crash the CloudHub HTTP service, leading to a denial of service. This vulnerability exists in versions prior to 1.11.1, 1.10....

6.5CVSS5.5AI score0.00927EPSS
CVE
CVE
added 2022/07/11 8:40 p.m.88 views

CVE-2022-31079

KubeEdge CVE-2022-31079 causes a DoS by allowing a large message to be read into memory by the Cloud Stream and Edge Stream servers. Affects versions prior to 1.11.1, 1.10.2, and 1.9.4 when cloudStream (cloudcore.yaml) and edgeStream (edgecore.yaml) modules are enabled; authenticated users can tr...

6.5CVSS5.2AI score0.00652EPSS
CVE
CVE
added 2022/06/27 8:10 p.m.86 views

CVE-2022-31076

KubeEdge vulnerability CVE-2022-31076 affects CloudCore’s UDS Server. A crafted message can trigger a nil-pointer dereference when the unixsocket switch is enabled in cloudcore.yaml, crashing CloudCore. Impact is local to the host network and assumes the attacker is an authenticated Cloud user; e...

5.7CVSS4.7AI score0.00614EPSS
CVE
CVE
added 2022/06/27 8:10 p.m.83 views

CVE-2022-31077

KubeEdge CSI Driver vulnerability (CVE-2022-31077): A malicious response from KubeEdge can trigger a nil-pointer dereference in the CSI Driver controller, causing denial of service. Affected are KubeEdge releases prior to 1.11.0, 1.10.1, and 1.9.3. The flaw arises from a crash of the CSI Driver c...

5.7CVSS4.8AI score0.00761EPSS