Vulnerabilities > CVE-2022-31077 - NULL Pointer Dereference vulnerability in Linuxfoundation Kubeedge

CVSS 5.7 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

linuxfoundation

CWE-476

NVD

Published: 2022-06-27

Updated: 2022-07-11

Summary

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a consequence, the CSI Driver controller will be in denial of service. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. At the time of writing, no workaround exists.

Vulnerable Configurations

Part	Description	Count
Application	Linuxfoundation Linuxfoundation Kubeedge 1.10.0 Linuxfoundation Kubeedge - Linuxfoundation Kubeedge 0.1 Linuxfoundation Kubeedge 0.2 Linuxfoundation Kubeedge 0.2.1 Linuxfoundation Kubeedge 0.3.0 Linuxfoundation Kubeedge 1.0.0 Linuxfoundation Kubeedge 1.1.0 Linuxfoundation Kubeedge 1.2.0 Linuxfoundation Kubeedge 1.2.1 Linuxfoundation Kubeedge 1.3.0 Linuxfoundation Kubeedge 1.3.1 Linuxfoundation Kubeedge 1.4.0 Linuxfoundation Kubeedge 1.5.0 Linuxfoundation Kubeedge 1.6.0 Linuxfoundation Kubeedge 1.6.1 Linuxfoundation Kubeedge 1.6.2 Linuxfoundation Kubeedge 1.7.0 Linuxfoundation Kubeedge 1.7.1 Linuxfoundation Kubeedge 1.7.2 Linuxfoundation Kubeedge 1.8.0 Linuxfoundation Kubeedge 1.8.1 Linuxfoundation Kubeedge 1.8.2 Linuxfoundation Kubeedge 1.9.0 Linuxfoundation Kubeedge 1.9.1 Linuxfoundation Kubeedge 1.9.2	40

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References