Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gitlabHttps://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-50472B3EAF5CCEB597A99C92D6CD2ED4
HistoryJan 31, 2024 - 12:00 a.m.

Missing Release of Resource after Effective Lifetime

2024-01-3100:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
11
etcd
denial of service
tcp proxy
resource release

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.

Affected configurations

Vulners
Node
goetcdRange<3.3.23
OR
goetcdRange3.4.0-rc.0
OR
goetcdRange3.4.9
VendorProductVersionCPE
goetcd*cpe:2.3:a:go:etcd:*:*:*:*:*:*:*:*

Related

osv 5
cvelist 1
cbl_mariner 1
cgr 1
prion 1
ubuntucve 1
cve 1
debiancve 1
nvd 1
github 1
veracode 1
redhatcve 1
wolfi 1
nessus 16
photon 11
openvas 4
ubuntu 2
altlinux 1
fedora 1
redhat 2
osv
osv
CVE-2020-15114
2020-08-06 23:15:11
CGA-4cqp-3vx5-2vpm
2024-06-06 12:22:31
Etcd Gateway can include itself as an endpoint resulting in resource exhaustion
2024-01-31 00:21:52
cvelist
cvelist
CVE-2020-15114 Denial of Service in etcd
2020-08-06 22:25:12
cbl_mariner
cbl_mariner
CVE-2020-15114 affecting package etcd for versions less than 3.5.0-3
2022-04-09 06:52:04
cgr
cgr
CVE-2020-15114 vulnerabilities
2024-05-19 03:07:16
prion
prion
Design/Logic Flaw
2020-08-06 23:15:00
ubuntucve
ubuntucve
CVE-2020-15114
2020-08-06 00:00:00
cve
cve
CVE-2020-15114
2020-08-06 23:15:11
debiancve
debiancve
CVE-2020-15114
2020-08-06 23:15:11
nvd
nvd
CVE-2020-15114
2020-08-06 23:15:11
github
github
Etcd Gateway can include itself as an endpoint resulting in resource exhaustion
2024-01-31 00:21:52
veracode
veracode
Denial Of Service (DoS)
2020-08-18 07:20:50
redhatcve
redhatcve
CVE-2020-15114
2020-08-14 06:13:42
wolfi
wolfi
CVE-2020-15114 vulnerabilities
2024-10-01 21:13:23
nessus
nessus
Photon OS 3.0: Etcd PHSA-2020-3.0-0126
2020-08-20 00:00:00
Ubuntu 18.04 ESM : etcd vulnerabilities (USN-5628-2)
2023-10-16 00:00:00
Ubuntu 20.04 LTS : etcd vulnerabilities (USN-5628-1)
2022-09-22 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2020-0126
2020-08-13 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0126
2020-08-13 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0313
2020-08-18 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5628-2)
2023-01-27 00:00:00
Ubuntu: Security Advisory (USN-5628-1)
2022-09-23 00:00:00
Fedora: Security Advisory for etcd (FEDORA-2020-cd43b84c16)
2021-01-11 00:00:00
ubuntu
ubuntu
etcd vulnerabilities
2022-09-22 00:00:00
etcd vulnerabilities
2022-09-22 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package etcd version 3.4.13-alt1
2020-09-05 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: etcd-3.4.13-1.fc32
2021-01-04 01:18:15
redhat
redhat
(RHSA-2021:0916) Moderate: Red Hat OpenStack Platform 16.1.4 (etcd) security update
2021-03-17 13:32:51
(RHSA-2021:2438) Moderate: OpenShift Container Platform 4.8.2 bug fix and security update
2021-07-27 22:10:52

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON
Related for GITLAB-50472B3EAF5CCEB597A99C92D6CD2ED4
osv5cvelist1cbl_mariner1cgr1prion1ubuntucve1cve1debiancve1nvd1github1veracode1redhatcve1wolfi1nessus16photon11openvas4ubuntu2altlinux1fedora1redhat2