CVE-2020-15106
published 2020-08-05

Priority: P432, medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.29% (66.6th percentile)

In etcd before versions 3.3.23 and 3.4.10, a large slice causes a panic in the decodeRecord method. The size of a record is stored in the length field of a WAL file, and no additional validation is done on this data. It is therefore possible to forge an extremely large frame size that panics any Raft participant trying to decode the WAL.

Affected

18 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| debian | etcd | < etcd 3.3.25+dfsg-5 (bookworm) | etcd 3.3.25+dfsg-5 (bookworm) |
| etcd-io | etcd | < 3.3.23 | 3.3.23 |
| etcd-io | etcd | < 3.4.10 | 3.4.10 |
| etcd | etcd | < 3.3.23 | 3.3.23 |
| etcd | etcd | >= 0 < 3.3.25+dfsg-5 | 3.3.25+dfsg-5 |
| etcd | etcd | >= 0 < 3.3.25+dfsg-5 | 3.3.25+dfsg-5 |
| etcd | etcd | >= 0 < 3.3.25+dfsg-5 | 3.3.25+dfsg-5 |
| etcd | etcd | >= 0 < 3.3.25+dfsg-5 | 3.3.25+dfsg-5 |
| etcd | etcd | >= 0 < 3.2.26+dfsg-6ubuntu0.1 | 3.2.26+dfsg-6ubuntu0.1 |
| etcd | etcd | >= 0 < 3.2.17+dfsg-1ubuntu0.1~esm1 | 3.2.17+dfsg-1ubuntu0.1~esm1 |
| etcd | etcd | >= 3.4.0 < 3.4.10 | 3.4.10 |
| fedoraproject | fedora | | |
| go.etcd.io | etcd | >= 0 < 0.5.0-alpha.5.0.20200423152442-f4b650b51dc4 | 0.5.0-alpha.5.0.20200423152442-f4b650b51dc4 |
| go.etcd.io | etcd_v3 | >= 0 < 3.3.23 | 3.3.23 |
| go.etcd.io | etcd_v3 | >= 3.4.0 < 3.4.10 | 3.4.10 |
| msrc | cbl2_etcd_3.5.0-3_on_cbl_mariner_2.0 | | |
| msrc | cbl_mariner_2.0_arm | | |
| msrc | cbl_mariner_2.0_x64 | | |

CVSS provenance

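| Source | Version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| osv | | 6.5 | MEDIUM | |
| vendor_debian | | 6.5 | MEDIUM | |
| vendor_msrc | | 6.5 | MEDIUM | |
| vendor_redhat | | 6.5 | MEDIUM | |
| vendor_ubuntu | | 6.5 | MEDIUM | |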