Skip to main content

NULL Pointer Dereference


Severity Medium
Score 5.7/10


KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a consequence, the CSI Driver controller will be in denial of service. This issue affects version prior to 1.9.3, 1.10.x prior to 1.10.1 and 1.11.x prior to 1.11.0-beta.0.

  • LOW
  • NONE
  • LOW
  • NONE
  • HIGH

CWE-476 - NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Advisory Timeline

  • Published