cbcvebase.
CVE-2020-15112
published 2020-08-05

CVE-2020-15112: In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This…

PriorityP433medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
EPSS
1.26%
65.8th percentile
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.

Affected

18 ranges
VendorProductVersion rangeFixed in
debianetcd< etcd 3.3.25+dfsg-5 (bookworm)etcd 3.3.25+dfsg-5 (bookworm)
etcd-ioetcd< 3.3.233.3.23
etcd-ioetcd< 3.4.103.4.10
etcdetcd< 3.3.233.3.23
etcdetcd>= 0 < 3.3.25+dfsg-53.3.25+dfsg-5
etcdetcd>= 0 < 3.3.25+dfsg-53.3.25+dfsg-5
etcdetcd>= 0 < 3.3.25+dfsg-53.3.25+dfsg-5
etcdetcd>= 0 < 3.3.25+dfsg-53.3.25+dfsg-5
etcdetcd>= 0 < 3.2.26+dfsg-6ubuntu0.13.2.26+dfsg-6ubuntu0.1
etcdetcd>= 0 < 3.2.17+dfsg-1ubuntu0.1~esm13.2.17+dfsg-1ubuntu0.1~esm1
etcdetcd>= 3.4.0 < 3.4.103.4.10
fedoraprojectfedora
go.etcd.ioetcd>= 0 < 0.5.0-alpha.5.0.20200423152442-f4b650b51dc40.5.0-alpha.5.0.20200423152442-f4b650b51dc4
go.etcd.ioetcd_v3>= 0 < 3.3.233.3.23
go.etcd.ioetcd_v3>= 3.4.0 < 3.4.103.4.10
msrccbl2_etcd_3.5.0-3_on_cbl_mariner_2.0
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:N/A:P
osv6.5MEDIUM
vendor_debian6.5MEDIUM
vendor_msrc6.5MEDIUM
vendor_redhat6.5MEDIUM
vendor_ubuntu6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.