CVE-2020-15106

In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.

Published: Aug 5, 2020
Updated: May 9, 2024
CVE: CVE-2020-15106
GHSA: GHSA-p4g4-wgrh-qrg2
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:N/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
etcd / etcd	3.4.0	3.4.10
etcd / etcd	-	3.3.23
fedoraproject / fedora	32	32.x
go.etcd.io/etcd	-	0.5.0-alpha.5.0.20200423152442-f4b650b51dc4

https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf
https://github.com/etcd-io/etcd/commit/4571e528f49625d3de3170f219a45c3b3d38c675
https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07
https://github.com/etcd-io/etcd/pull/11793
https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/
https://pkg.go.dev/vuln/GO-2020-0005

Vulnerability Database

CVE-2020-15106