CVE-2020-15114

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.

Database specific

{
    "unresolved_ranges": [
        {
            "cpe": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "32"
                }
            ],
            "source": "CPE_FIELD"
        }
    ]
}

References

Affected packages

Git / github.com/etcd-io/etcd

Affected ranges

Type

GIT

Repo

https://github.com/etcd-io/etcd

Events

Introduced

c23606781f63d09917a1e7abfcefeb337a9608ea

Fixed

4873f5516bd98c82dddb81247038337f25abac4e

Introduced

898bd1351fcf6e0ebce8d7c8bbbbf3f3e42aa42c

Fixed

18dfb9cca345bb2b2fbe73d5fc31028c2477bef1

Database specific

{
    "cpe": "cpe:2.3:a:redhat:etcd:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "3.3.0"
        },
        {
            "fixed": "3.3.23"
        },
        {
            "introduced": "3.4.0"
        },
        {
            "fixed": "3.4.10"
        }
    ],
    "source": "CPE_FIELD"
}

Affected versions

v3.*

v3.3.0

v3.3.1

v3.3.10

v3.3.11

v3.3.12

v3.3.13

v3.3.14

v3.3.14-beta.0

v3.3.14-rc.0

v3.3.15

v3.3.16

v3.3.17

v3.3.18

v3.3.19

v3.3.2

v3.3.20

v3.3.21

v3.3.22

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.4.4

v3.4.5

v3.4.6

v3.4.7

v3.4.8

v3.4.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15114.json"