BIT-etcd-2020-15112

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/etcd/BIT-etcd-2020-15112.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-etcd-2020-15112

Aliases

BIT-etcd-2020-15106
CVE-2020-15106
CVE-2020-15112
GHSA-m332-53r6-2w93
GHSA-p4g4-wgrh-qrg2
GO-2020-0005

Published

2024-03-06T10:52:31.679Z

Modified

2024-09-11T06:13:00.635101Z

Summary

[none]

Details

In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.

References

https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/

Affected packages

Bitnami / etcd

Package

Name: etcd
Purl: pkg:bitnami/etcd

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.23

Introduced

3.4.0

Fixed

3.4.10