CVE-2020-15114
published 2020-08-06CVE-2020-15114: In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to…
high7.7CVSS 3.1
AVNACLPRLUINSCCNINAH
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | etcd | < etcd 3.3.25+dfsg-5 (bookworm) | etcd 3.3.25+dfsg-5 (bookworm) |
| etcd-io | etcd | < 3.3.23 | 3.3.23 |
| etcd-io | etcd | < 3.4.10 | 3.4.10 |
| etcd | etcd | >= 0 < 3.3.25+dfsg-5 | 3.3.25+dfsg-5 |
| etcd | etcd | >= 0 < 3.3.25+dfsg-5 | 3.3.25+dfsg-5 |
| etcd | etcd | >= 0 < 3.3.25+dfsg-5 | 3.3.25+dfsg-5 |
| etcd | etcd | >= 0 < 3.3.25+dfsg-5 | 3.3.25+dfsg-5 |
| etcd | etcd | >= 0 < 3.2.26+dfsg-6ubuntu0.1 | 3.2.26+dfsg-6ubuntu0.1 |
| etcd | etcd | >= 0 < 3.2.17+dfsg-1ubuntu0.1~esm1 | 3.2.17+dfsg-1ubuntu0.1~esm1 |
| fedoraproject | fedora | — | — |
| go.etcd.io | etcd | >= 0 < 3.3.23 | 3.3.23 |
| go.etcd.io | etcd | >= 3.4.0-rc.0 < 3.4.10 | 3.4.10 |
| msrc | cbl2_etcd_3.5.0-3_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| redhat | etcd | >= 3.3.0 < 3.3.23 | 3.3.23 |
| redhat | etcd | >= 3.4.0 < 3.4.10 | 3.4.10 |
CVSS provenance
nvdv3.17.7HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
osv7.7HIGH