CVE-2020-15106
Summary
| CVE | CVE-2020-15106 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-08-05 19:15:00 UTC |
| Updated | 2023-11-07 03:17:00 UTC |
| Description | In etcd before versions 3.3.23 and 3.4.10, a large slice causes a panic in the decodeRecord method. The size of a record is stored in the length field of a WAL file, and no additional validation is done on this value. It is therefore possible to forge an extremely large frame size so that any RAFT participant trying to decode the WAL panics. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| A large slice causes panic in decodeRecord method · Advisory · etcd-io/etcd · GitHub | CONFIRM | github.com | Third Party Advisory |
| [SECURITY] Fedora 32 Update: etcd-3.4.13-1.fc32 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 198952 Ubuntu Security Notification for etcd Vulnerabilities (USN-5628-1)
- 239169 Red Hat Update for Red Hat OpenStack Platform 16.1.4 (etcd) (RHSA-2021:0916)
- 239250 Red Hat Update for etcd (RHSA-2021:1407)
- 900106 CBL-Mariner Linux Security Update for etcd 3.4.3
- 900995 Common Base Linux Mariner (CBL-Mariner) Security Update for etcd (6388-1)