CVE-2022-31079 – KubeEdge Cloud Stream and Edge Stream DoS from large stream message
https://notcve.org/view.php?id=CVE-2022-31079
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the Cloud Stream server and the Edge Stream server read an entire stream message into memory without imposing a limit on the size of that message. An attacker can exploit this by sending a large message to exhaust memory and cause a DoS of the Cloud Stream server and the Edge Stream server; the consequence of the exhaustion is that CloudCore and EdgeCore are left in a denial of service.
References: https://github.com/kubeedge/kubeedge/security/advisories/GHSA-wrcr-x4qj-j543
Weaknesses: CWE-400: Uncontrolled Resource Consumption; CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2022-31078 – KubeEdge CloudCore Router memory exhaustion
https://notcve.org/view.php?id=CVE-2022-31078
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the CloudCore Router does not impose a limit on the size of responses to requests made by the REST handler. An attacker could use this weakness to make a request that returns an HTTP response with a large body and cause a DoS of CloudCore. In the HTTP Handler API, the REST handler makes a request to a pre-specified handle; the handle returns an HTTP response that is then read into memory without a size limit.
References: https://github.com/kubeedge/kubeedge/security/advisories/GHSA-qpx3-9565-5xwm
Weaknesses: CWE-400: Uncontrolled Resource Consumption; CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2022-31075 – KubeEdge DoS when signing the CSR from EdgeCore
https://notcve.org/view.php?id=CVE-2022-31075
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, EdgeCore may be susceptible to a DoS attack on CloudHub if an attacker sends a well-crafted HTTP request to `/edge.crt`. If an attacker can send a well-crafted HTTP request to CloudHub with a very large body, that request can crash the HTTP service through memory exhaustion: the request body is read into memory, and a body larger than the available memory can lead to a successful attack. Because the request would have to pass authorization, only authorized users can perform this attack.
References: https://github.com/kubeedge/kubeedge/security/advisories/GHSA-x3px-2p95-f6jr
Weaknesses: CWE-400: Uncontrolled Resource Consumption; CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2022-31074 – KubeEdge Cloud AdmissionController component DoS
https://notcve.org/view.php?id=CVE-2022-31074
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, several endpoints in the Cloud AdmissionController may be susceptible to a DoS attack if an HTTP request containing a very large body is sent to them. The consequence of the exhaustion is that the Cloud AdmissionController will be in denial of service. This bug has been fixed in KubeEdge 1.11.1, 1.10.2, and 1.9.4. There is currently no known workaround.
References: https://github.com/kubeedge/kubeedge/security/advisories/GHSA-w52j-3457-q9wr
Weaknesses: CWE-400: Uncontrolled Resource Consumption
CVE-2022-31073 – KubeEdge Edge ServiceBus module DoS
https://notcve.org/view.php?id=CVE-2022-31073
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the ServiceBus server on the edge side may be susceptible to a DoS attack if an HTTP request containing a very large body is sent to it. It is possible for the node to be exhausted of memory. The consequence of the exhaustion is that other services on the node, e.g. other containers, will be unable to allocate memory, causing a denial of service. Malicious apps accidentally pulled by users onto the host that have access to send HTTP requests to localhost could carry out this attack.
References: https://github.com/kubeedge/kubeedge/pull/4038 https://github.com/kubeedge/kubeedge/pull/4039 https://github.com/kubeedge/kubeedge/pull/4042 https://github.com/kubeedge/kubeedge/security/advisories/GHSA-vwm6-qc77-v2rh
Weaknesses: CWE-400: Uncontrolled Resource Consumption