Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Malicious response from KubeEdge can crash CSI Driver controller server
Vulnerability Description
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a consequence, the CSI Driver controller will be in denial of service. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. At the time of writing, no workaround exists.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
Vulnerability Type
空指针解引用
Vulnerability Title
KubeEdge 代码问题漏洞
Vulnerability Description
KubeEdge是KubeEdge开源的一个 Kubernetes 原生边缘计算框架。基于 Kubernetes 构建,并将本机容器化应用编排和设备管理扩展到边缘主机。 KubeEdge 1.11.0 之前版本、1.10.1 之前版本和 1.9.3 之前版本存在代码问题漏洞,该漏洞源于恶意消息响应可能会通过触发零指针取消引用恐慌而使 CSI Driver controller server 崩溃。
CVSS Information
N/A
Vulnerability Type
N/A