CVE-2020-15106: Improper Input Validation in Etcd

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.1% (top 64.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 5; latest update Feb 7

Description

In etcd before versions 3.3.23 and 3.4.10, a large slice causes a panic in the decodeRecord method. The size of a record is stored in the length field of a WAL file, and no additional validation is done on this data. It is therefore possible to forge an extremely large frame size that panics any RAFT participant trying to decode the WAL.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 | Impact: 3.6

Affected Packages (6 packages)

NVD: etcd/etcd, >= 3.4.0, < 3.4.10 (+1)
CVEListV5: etcd-io/etcd, < 3.3.23 (+1)
Go: go.etcd.io/etcd, < 0.5.0-alpha.5.0.20200423152442-f4b650b51dc4
Go: go.etcd.io/etcd_v3, >= 3.4.0, < 3.4.10 (+1)
Debian: etcd/etcd, < 3.3.25+dfsg-5 (+3)

Also affects: Fedora 32

🔴 Vulnerability Details (8)

OSV: Panic due to malformed WALs in go.etcd.io/etcd (2023-02-07)
GHSA: Panic due to malformed WALs in go.etcd.io/etcd (2023-02-07)
OSV: etcd's WAL `ReadAll` method vulnerable to an entry with large index causing panic (2022-10-06)
OSV: etcd vulnerabilities (2022-09-22)
OSV: etcd vulnerabilities (2022-09-22)

📋 Vendor Advisories (5)

Ubuntu: etcd vulnerabilities (2022-09-22)
Ubuntu: etcd vulnerabilities (2022-09-22)
Microsoft: Improper Input Validation in etcd (2020-08-11)
Red Hat: etcd: Large slice causes panic in decodeRecord method (2020-08-05)
Debian: CVE-2020-15106: etcd - In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeR... (2020)

💬 Community (2)

Bugzilla: CVE-2020-15106 etcd: large slice causes panic in decodeRecord method [fedora-all] (2020-08-14)
Bugzilla: CVE-2020-15106 etcd: Large slice causes panic in decodeRecord method (2020-08-14)
CVE-2020-15106 — Improper Input Validation in Etcd | cvebase