What is the severity of CVE-2022-31077?

CVE-2022-31077 is rated as a high-severity vulnerability due to its potential to crash the CSI Driver controller server.

How do I fix CVE-2022-31077?

To resolve CVE-2022-31077, upgrade KubeEdge to version 1.10.0 or above.

Which versions of KubeEdge are affected by CVE-2022-31077?

CVE-2022-31077 affects KubeEdge versions prior to 1.10.0 and all versions below 1.9.3.

What type of vulnerability is identified by CVE-2022-31077?

CVE-2022-31077 is a nil-pointer dereference vulnerability that can be triggered by a malicious message response.

Is there a workaround for CVE-2022-31077?

There is no documented workaround for CVE-2022-31077; updating to a fixed version is the recommended solution.

Vulnerability/
CVE-2022-31077

medium

5.7

CWE

476

27/6/2022

3/8/2024

CVE-2022-31077: Malicious response from KubeEdge can crash CSI Driver controller server

First published: Mon Jun 27 2022(Updated: )

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a consequence, the CSI Driver controller will be in denial of service. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. At the time of writing, no workaround exists.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
KubeEdge	<1.9.3
KubeEdge	=1.10.0
KubeEdge	=1.10.0-beta0

Remedy

https://github.com/kubeedge/kubeedge/pull/3899

Remedy

https://github.com/kubeedge/kubeedge/pull/3899/commits/5d60ae9eabd6b6b7afe38758e19bbe8137664701

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-31077?
CVE-2022-31077 is rated as a high-severity vulnerability due to its potential to crash the CSI Driver controller server.
How do I fix CVE-2022-31077?
To resolve CVE-2022-31077, upgrade KubeEdge to version 1.10.0 or above.
Which versions of KubeEdge are affected by CVE-2022-31077?
CVE-2022-31077 affects KubeEdge versions prior to 1.10.0 and all versions below 1.9.3.
What type of vulnerability is identified by CVE-2022-31077?
CVE-2022-31077 is a nil-pointer dereference vulnerability that can be triggered by a malicious message response.
Is there a workaround for CVE-2022-31077?
There is no documented workaround for CVE-2022-31077; updating to a fixed version is the recommended solution.

agent/type
agent/softwarecombine
agent/remedy
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/weakness
agent/references
agent/author
agent/title
agent/first-publish-date
agent/description
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/linuxfoundation
canonical/kubeedge
version/kubeedge/1.10.0
version/kubeedge/1.10.0-beta0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.