CVE-2020-15106

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-15106

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15106.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-15106

Aliases

Related

Published

2020-08-05T19:15:10Z

Modified

2025-02-14T10:53:55.469960Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.

References

Affected packages

Debian:11 / etcd

Package

Name: etcd
Purl: pkg:deb/debian/etcd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.25+dfsg-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / etcd

Package

Name: etcd
Purl: pkg:deb/debian/etcd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.25+dfsg-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / etcd

Package

Name: etcd
Purl: pkg:deb/debian/etcd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.25+dfsg-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/etcd-io/etcd

Affected ranges

Type: GIT
Repo: https://github.com/etcd-io/etcd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4873f5516bd98c82dddb81247038337f25abac4e

Affected versions

Other

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.2.0

v0.2.0-rc0

v0.2.0-rc1

v0.2.0-rc2

v0.2.0-rc3

v0.2.0-rc4

v0.3.0

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.4.5

v0.4.6

v0.5.0-alpha.0

v0.5.0-alpha.1

v0.5.0-alpha.2

v0.5.0-alpha.3

v0.5.0-alpha.4

v0.5.0-alpha.5

v2.*

v2.0.0

v2.0.0-rc.1

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.1.0

v2.1.0-alpha.0

v2.1.0-alpha.1

v2.1.0-rc.0

v2.1.1

v2.2.0

v2.2.0-alpha.0

v2.2.0-alpha.1

v2.2.0-rc.0

v2.3.0

v2.3.0-alpha.0

v2.3.0-alpha.1

v3.*

v3.0.0-beta.0

v3.1.0-alpha.0

v3.1.0-alpha.1

v3.1.0-rc.0

v3.1.0-rc.1

v3.2.0+git

v3.2.0-rc.0

v3.2.0-rc.1

v3.2.0_plus_git

v3.2.10_plus_git

v3.3.0

v3.3.0-rc.0

v3.3.0-rc.1

v3.3.0-rc.2

v3.3.0-rc.3

v3.3.0-rc.4

v3.3.1

v3.3.10

v3.3.11

v3.3.12

v3.3.13

v3.3.14

v3.3.14-beta.0

v3.3.14-rc.0

v3.3.15

v3.3.16

v3.3.17

v3.3.18

v3.3.19

v3.3.2

v3.3.20

v3.3.21

v3.3.22

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9