OESA-2025-1682

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1682
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-1682.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2025-1682
Upstream
Published
2025-06-27T13:16:37Z
Modified
2025-08-12T05:39:22.763451Z
Summary
etcd security update
Details

%{expand:

Security Fix(es):

When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.(CVE-2023-45290)

If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.(CVE-2024-24785)

Database specific 
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP4 / etcd

Package

Name
etcd
Purl
pkg:rpm/openEuler/etcd&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.14-11.oe2003sp4

Ecosystem specific 

{
    "src": [
        "etcd-3.4.14-11.oe2003sp4.src.rpm"
    ],
    "x86_64": [
        "etcd-3.4.14-11.oe2003sp4.x86_64.rpm"
    ],
    "aarch64": [
        "etcd-3.4.14-11.oe2003sp4.aarch64.rpm"
    ]
}