CVE-2020-8551 in Kubernetes and Fedora Project Products
Published on March 27, 2020
Kubernetes kubelet denial of service
The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.
Vulnerability Analysis
Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
LOW
Weakness Type
What is a Stack Exhaustion Vulnerability?
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
CVE-2020-8551 has been classified to as a Stack Exhaustion vulnerability or weakness.
Products Associated with CVE-2020-8551
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-8551 are published in these products:
Affected Versions
Kubernetes:- Version unspecified and below v1.17.3 is affected.
- Version unspecified and below v1.16.7 is affected.
- Version unspecified and below v1.15.10 is affected.
Exploit Probability
EPSS
0.62%
Percentile
69.50%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.