CVE Vulnerabilities

CVE-2020-15106

Published: Aug 05, 2020 | Modified: Nov 18, 2021
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
RedHat/V2
RedHat/V3
6.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Ubuntu

In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.

Affected Software

Name Vendor Start Version End Version
Etcd Etcd * *
Etcd Etcd 3.4.0 *
Red Hat Enterprise Linux 7 Extras RedHat etcd-0:3.2.32-1.el7_9 *
Red Hat OpenShift Container Platform 4.8 RedHat openshift4/ose-etcd:v4.8.0-202106152230.p0.git.aefa6bf.assembly.stream *
Red Hat OpenStack Platform 16.1 RedHat etcd-0:3.3.23-1.el8ost *
Etcd Ubuntu bionic *
Etcd Ubuntu devel *
Etcd Ubuntu focal *
Etcd Ubuntu groovy *
Etcd Ubuntu hirsute *
Etcd Ubuntu impish *
Etcd Ubuntu jammy *
Etcd Ubuntu trusty *
Etcd Ubuntu upstream *
Etcd Ubuntu xenial *

References