CVE-2022-31080

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, a large response received by the viaduct WSClient can cause a DoS from memory exhaustion. The entire body of the response is being read into memory which could allow an attacker to send a request that returns a response with a large body. The consequence of the exhaustion is that the process which invokes a WSClient will be in a denial of service. The software is affected If users who are authenticated to the edge side connect to `cloudhub` from the edge side through WebSocket protocol. This bug has been fixed in Kubeedge 1.11.1, 1.10.2, and 1.9.4. There are currently no known workarounds.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:linuxfoundation:kubeedge:*:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:kubeedge:*:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:kubeedge:*:*:*:*:*:*:*:*

History

24 Jul 2023, 13:16

Type Values Removed Values Added
CWE CWE-400 CWE-770

16 Jul 2022, 13:47

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
CPE cpe:2.3:a:linuxfoundation:kubeedge:*:*:*:*:*:*:*:*
First Time Linuxfoundation
Linuxfoundation kubeedge
References (CONFIRM) https://github.com/kubeedge/kubeedge/security/advisories/GHSA-6wvc-6pww-qr4r - (CONFIRM) https://github.com/kubeedge/kubeedge/security/advisories/GHSA-6wvc-6pww-qr4r - Third Party Advisory

11 Jul 2022, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-07-11 21:15

Updated : 2023-12-10 14:35


NVD link : CVE-2022-31080

Mitre link : CVE-2022-31080

CVE.ORG link : CVE-2022-31080


JSON object : View

Products Affected

linuxfoundation

  • kubeedge
CWE
CWE-770

Allocation of Resources Without Limits or Throttling

CWE-400

Uncontrolled Resource Consumption