CVE-2022-31080 : What You Need to Know

Learn about CVE-2022-31080, a vulnerability in KubeEdge prior to versions 1.11.1, 1.10.2, and 1.9.4, where a large response can cause a DoS due to memory exhaustion. Find out how to mitigate the risk.

KubeEdge Websocket Client in package Viaduct: DoS from large response message

Understanding CVE-2022-31080

KubeEdge, an open source system for extending containerized application orchestration to Edge hosts, prior to versions 1.11.1, 1.10.2, and 1.9.4, was vulnerable to a memory exhaustion Denial of Service (DoS) attack due to the way large responses were handled by the viaduct WSClient.

What is CVE-2022-31080?

A large response received by the viaduct WSClient in KubeEdge could lead to memory exhaustion, enabling an attacker to orchestrate a DoS attack by invoking a WSClient process.

The Impact of CVE-2022-31080

This vulnerability could be exploited by authenticated users on the edge side connecting to cloudhub through the WebSocket protocol, resulting in a denial of service. The bug has been addressed in versions 1.11.1, 1.10.2, and 1.9.4 of KubeEdge, with no known workarounds currently.

Technical Details of CVE-2022-31080

Vulnerability Description

The issue stemmed from the entire body of a large response being read into memory, potentially allowing an attacker to craft a request that exhausts memory, leading to a DoS condition.
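
The bug class described above, shown as an added example that is not KubeEdge's code or its patch: an unbounded read of a response body next to a bounded one. The function names, the 64 KiB cap and the constructed response are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"net/http"
)

// maxBody is an assumed cap for this example, not a KubeEdge constant.
const maxBody = 64 << 10 // 64 KiB

var errBodyTooLarge = errors.New("response body exceeds limit")

// readUnbounded is the risky pattern: the peer decides how much memory is allocated.
func readUnbounded(resp *http.Response) ([]byte, error) {
	defer resp.Body.Close()
	return io.ReadAll(resp.Body)
}

// readBounded reads at most limit+1 bytes, so "exactly limit" and "too large" differ.
func readBounded(resp *http.Response, limit int64) ([]byte, error) {
	defer resp.Body.Close()
	if resp.ContentLength > limit { // early reject; the header may be absent (-1) or untrue
		return nil, errBodyTooLarge
	}
	data, err := io.ReadAll(io.LimitReader(resp.Body, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > limit {
		return nil, errBodyTooLarge
	}
	return data, nil
}

// fakeResponse returns a constructed response with an n-byte body and no Content-Length.
func fakeResponse(n int) *http.Response {
	return &http.Response{ContentLength: -1, Body: io.NopCloser(bytes.NewReader(make([]byte, n)))}
}

func main() {
	big, _ := readUnbounded(fakeResponse(8 << 20))
	fmt.Println("unbounded read buffered", len(big), "bytes")
	_, err := readBounded(fakeResponse(8<<20), maxBody)
	fmt.Println("bounded read:", err)
}
```

The bounded reader never holds more than the cap plus one byte, whatever the peer sends, and the Content-Length check is only a shortcut because the header cannot be trusted on its own.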

Affected Systems and Versions

KubeEdge version 1.11.0, versions >= 1.10.0 and < 1.10.2, and versions < 1.9.4 were impacted by this vulnerability.

Exploitation Mechanism

The exploit involved authenticated users on the edge side connecting to cloudhub through the WebSocket protocol.

Mitigation and Prevention

Immediate Steps to Take

Upgrade to the patched versions 1.11.1, 1.10.2, or 1.9.4 of KubeEdge to mitigate the risk of memory exhaustion DoS attacks.

Long-Term Security Practices

Regularly monitor for security advisories and updates for KubeEdge to stay protected against potential vulnerabilities.

Patching and Updates

Install patches and updates promptly to address known security issues and enhance the overall security posture of your KubeEdge deployment.
