CVE-2022-34038
Summary
| CVE | CVE-2022-34038 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-08-22 19:16:00 UTC |
| Updated | 2023-11-07 03:48:00 UTC |
| Description | ** DISPUTED ** Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| add a verification on the pagebytes which must be > 0 by ahrtr · Pull Request #14452 · etcd-io/etcd · GitHub | MISC | github.com | |
| go-review.googlesource.com/c/vulndb/+/524456 | MISC | go-review.googlesource.com | |
| go-review.googlesource.com/c/vulndb/+/524456/2/data/excluded/GO-2023-2016.yaml | MISC | go-review.googlesource.com | |
| x/vulndb: potential Go vuln in github.com/etcd-io/etcd: CVE-2022-34038 · Issue #2016 · golang/vulndb · GitHub | MISC | github.com | |
| fix(pkg/ioutil):avoid panic in PageWriter.Write() when pageBytes is 0 by secsys-go · Pull Request #14022 · etcd-io/etcd · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 994978 GO (Go) Security Update for go.etcd.io/etcd/v3 (GHSA-65rp-cv85-263x)