
Kubernetes vulnerability: infinite loop via JSON/YAML decoding

Summary of the vulnerability

An attacker can trigger an infinite loop in the JSON/YAML decoding of Kubernetes, causing a denial of service.
Impacted software: IBM API Connect, Kubernetes.
Severity of this computer vulnerability: 2/4.
Creation date: 16/10/2019.
References for this bulletin: 1167142, 83253, CVE-2019-11253, VIGILANCE-VUL-30640.

Description of the vulnerability 

An attacker can trigger an infinite loop in the JSON/YAML decoding of Kubernetes, causing a denial of service.

This weakness impacts software or systems such as IBM API Connect and Kubernetes.

Our Vigil@nce team determined that the severity of this vulnerability bulletin is medium.

The trust level is "confirmed by the editor", and the origin is "document".

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

Kubernetes: version 1.16.2.
Version 1.16.2 is fixed:
  https://github.com/kubernetes/kubernetes/releases/tag/v1.16.2

Kubernetes: version 1.15.5.
Version 1.15.5 is fixed:
  https://github.com/kubernetes/kubernetes/releases/tag/v1.15.5

Kubernetes: version 1.14.8.
Version 1.14.8 is fixed:
  https://github.com/kubernetes/kubernetes/releases/tag/v1.14.8

Kubernetes: version 1.13.12.
Version 1.13.12 is fixed:
  https://github.com/kubernetes/kubernetes/releases/tag/v1.13.12

IBM API Connect: solution for Kubernetes.
The solution is indicated in the information sources.

Pivotal Container Service: version 1.5.2.
Version 1.5.2 is fixed:
  https://pivotal.io/
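
The fixed Kubernetes releases listed above can be checked against a version inventory. The following is an added example, not part of the original bulletin: the function names, the sample inventory and the handling of version suffixes are assumptions made for illustration.

```python
import re

# Fixed patch release per Kubernetes minor line, as listed in this bulletin.
FIXED = {(1, 13): 12, (1, 14): 8, (1, 15): 5, (1, 16): 2}

_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+](.*))?$")


def fix_status(version):
    """Return 'fixed', 'needs-upgrade' or 'unknown' for one version string."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unknown"  # not a recognisable major.minor.patch string
    major, minor, patch = (int(g) for g in m.groups()[:3])
    suffix = m.group(4) or ""
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unknown"  # the bulletin names no fixed release for this line
    if patch != fixed_patch:
        return "fixed" if patch > fixed_patch else "needs-upgrade"
    # Same patch number: alpha/beta/rc builds precede the fixed release.
    if suffix.startswith(("alpha", "beta", "rc")):
        return "needs-upgrade"
    # Assumption: other suffixes (vendor builds, build metadata) are based on
    # the upstream release with the same number and therefore carry the fix.
    return "fixed"


def audit(inventory):
    """Map component name -> version into a sorted list of names to upgrade."""
    return sorted(n for n, v in inventory.items()
                  if fix_status(v) == "needs-upgrade")


# Constructed sample inventory (hypothetical component names and versions).
SAMPLE = {
    "apiserver-a": "v1.16.2",
    "apiserver-b": "v1.15.4",
    "apiserver-c": "v1.14.8-gke.2",
    "apiserver-d": "v1.16.2-beta.0",
    "apiserver-e": "v1.12.10",
}

if __name__ == "__main__":
    for name, ver in SAMPLE.items():
        print(f"{name:12} {ver:16} {fix_status(ver)}")
```

A result of `unknown` means the bulletin does not state a fixed release for that minor line, so the vendor's own advisory has to be consulted.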
