CVE-2022-31078: KubeEdge CloudCore Router memory exhaustion

First published: Mon Jul 11 2022(Updated: )

### Impact The CloudCore Router does not impose a limit on the size of responses to requests made by the REST handler. An attacker could use this weakness to make a request that will return an HTTP response with a large body and cause DoS of CloudCore. In the HTTP Handler API, the rest handler makes a request to a pre-specified handle. The handle will return an HTTP response that is then read into memory. The consequence of the exhaustion is that CloudCore will be in a denial of service. Only an authenticated user of the cloud can make an attack. It will be affected only when users enable `router` module in the config file `cloudcore.yaml` as below. ``` modules: ... router: enable: true ``` ### Patches This bug has been fixed in Kubeedge 1.11.1, 1.10.2, 1.9.4. Users should update to these versions to resolve the issue. ### Workarounds Disable the router module in the config file `cloudcore.yaml`. ### References NA ### Credits Thanks David Korczynski and Adam Korczynski of ADA Logics for responsibly disclosing this issue in accordance with the [kubeedge security policy](https://github.com/kubeedge/kubeedge/security/policy) during a security audit sponsored by CNCF and facilitated by OSTIF. ### For more information If you have any questions or comments about this advisory: * Open an issue in [KubeEdge repo](https://github.com/kubeedge/kubeedge/issues/new/choose) * To make a vulnerability report, email your vulnerability to the private [cncf-kubeedge-security@lists.cncf.io](mailto:cncf-kubeedge-security@lists.cncf.io) list with the security details and the details expected for [KubeEdge bug reports](https://github.com/kubeedge/kubeedge/blob/master/.github/ISSUE_TEMPLATE/bug-report.md).

Credit: security-advisories@github.com security-advisories@github.com security-advisories@github.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/github-advisory-latest
• alias/GHSA-qpx3-9565-5xwm
• alias/CVE-2022-31078
• collector/nvd-index
• collector/nvd-cve
• agent/weakness
• agent/type
• agent/softwarecombine
• agent/references
• agent/severity
• agent/author
• agent/description
• collector/nvd-api
• agent/software-canonical-lookup-request
• collector/mitre-cve
• source/MITRE
• agent/title
• agent/last-modified-date
• agent/first-publish-date
• agent/event
• agent/tags
• agent/trending
• package-manager/go
• vendor/linuxfoundation
• canonical/linuxfoundation kubeedge
• version/linuxfoundation kubeedge/1.10.0
• version/linuxfoundation kubeedge/1.11.0