How severe is CVE-2022-31076?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.7 out of 10.

What type of vulnerability is CVE-2022-31076?

This is classified as CWE-476, which is a common weakness in software security.

CVE-2022-31076 - MEDIUM Severity | CVSS 5.7

Vulnerability Description

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates with the CSI Driver on the cloud side, the attack is limited to the local host network. As such, an attacker would already need to be an authenticated user of the Cloud. Additionally it will be affected only when users turn on the unixsocket switch in the config file cloudcore.yaml. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. Users unable to upgrade should sisable the unixsocket switch of CloudHub in the config file cloudcore.yaml.

Related Vulnerabilities

CVE-2020-10066

MEDIUM

CVSS:5.7(Medium)

Incorrect Error Handling in Bluetooth HCI core. Zephyr versions >= v1.14.2, >= v2.2.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr...

CWE-4762020

CVE-2020-12866

MEDIUM

CVSS:5.7(Medium)

A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.

CWE-4762020

CVE-2022-2549

MEDIUM

CVSS:5.7(Medium)

NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV.

CWE-4762022

CVE-2022-31077

MEDIUM

CVSS:5.7(Medium)

CWE-4762022

CVE-2023-37027

MEDIUM

CVSS:5.7(Medium)

Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to cras...

CWE-4762023

CVE-2025-24179

MEDIUM

CVSS:5.7(Medium)

A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, visionOS 2.3, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, macOS ...

CWE-4762025