8 matches found
CVE-2022-31080
KubeEdge’s Websocket Client (Viaduct) in versions prior to 1.11.1, 1.10.2, and 1.9.4 is vulnerable to a DoS through memory exhaustion. The issue arises when a large response is read fully into memory, allowing an attacker to trigger a request that returns a large body and exhausts memory, potenti...
CVE-2022-31078
KubeEdge CloudCore Router memory exhaustion DoS vulnerability (CVE-2022-31078) affects pre-1.11.1, pre-1.10.2, and pre-1.9.4 releases. The REST handler’s HTTP response size is not limited, allowing an authenticated cloud user to trigger a large response that exhausts memory and causes CloudCore d...
CVE-2022-31074
CVE-2022-31074 affects KubeEdge Cloud AdmissionController. Several endpoints may be exploited to cause a DoS by sending an HTTP request with a very large body, exhausting the controller and causing denial of service. The issue is fixed in KubeEdge releases 1.11.1, 1.10.2, and 1.9.4; upgrading to ...
CVE-2022-31073
Summary of CVE-2022-31073 (KubeEdge) : The DoS vulnerability affects the edge-side ServiceBus server in KubeEdge. If the ServiceBus module is enabled (edgecore.yaml) and a very large HTTP body is sent to the edge node, memory exhaustion can occur, potentially starving other containers on the node...
CVE-2022-31075
CVE-2022-31075 affects KubeEdge EdgeCore when the CloudHub module is enabled. A maliciously crafted HTTP request to /edge.crt with a very large body can exhaust memory and crash the CloudHub HTTP service, leading to a denial of service. This vulnerability exists in versions prior to 1.11.1, 1.10....
CVE-2022-31079
KubeEdge CVE-2022-31079 causes a DoS by allowing a large message to be read into memory by the Cloud Stream and Edge Stream servers. Affects versions prior to 1.11.1, 1.10.2, and 1.9.4 when cloudStream (cloudcore.yaml) and edgeStream (edgecore.yaml) modules are enabled; authenticated users can tr...
CVE-2022-31076
KubeEdge vulnerability CVE-2022-31076 affects CloudCore’s UDS Server. A crafted message can trigger a nil-pointer dereference when the unixsocket switch is enabled in cloudcore.yaml, crashing CloudCore. Impact is local to the host network and assumes the attacker is an authenticated Cloud user; e...
CVE-2022-31077
KubeEdge CSI Driver vulnerability (CVE-2022-31077): A malicious response from KubeEdge can trigger a nil-pointer dereference in the CSI Driver controller, causing denial of service. Affected are KubeEdge releases prior to 1.11.0, 1.10.1, and 1.9.3. The flaw arises from a crash of the CSI Driver c...