Vulnerability DatabaseCVE-2022-31077
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2022-31077
Published:June 27, 2022
Updated:May 25, 2026
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a consequence, the CSI Driver controller will be in denial of service. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. At the time of writing, no workaround exists.
Affected Packages
github.com/kubeedge/kubeedge (GO):
Affected version(s) =v1.10.0 <v1.10.1
Fix Suggestion:
Update to version v1.10.1
Related Resources (6)
https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31077.json
https://nvd.nist.gov/vuln/detail/CVE-2022-31077
https://github.com/kubeedge/kubeedge
https://github.com/kubeedge/kubeedge/security/advisories/GHSA-x938-fvfw-7jh5
https://github.com/kubeedge/kubeedge/pull/3899/commits/5d60ae9eabd6b6b7afe38758e19bbe8137664701
https://github.com/kubeedge/kubeedge/pull/3899
Do you need more information?
Contact Us
CVSS v4
Base Score:
4.1
Attack Vector
ADJACENT
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
PASSIVE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
4
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
NULL Pointer Dereference
CWE-476
EPSS
Base Score:
0.34