CVSS2: 4 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3: 6.5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001 Low (Percentile 36.3%)

Data Validation
In the ReadAll method in wal/wal.go, it is possible for an entry index to be greater than the number of entries. This could cause issues when WAL entries are read during consensus: an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.
Find out more on this vulnerability in the security audit report
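
The following Go sketch is an added example, not etcd's code: it models the failure class described above, where an index read from a log record is used as a slice bound without checking it against the number of entries already read. The `Entry` type, both function names and the sample records are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Entry is a simplified stand-in for a WAL record (hypothetical, not etcd's type).
type Entry struct {
	Index uint64
	Data  string
}

var ErrIndexOutOfRange = errors.New("wal: entry index out of range")

// replayUnchecked trusts the index stored in each record. The recover() exists
// only so this demo can report the panic; without it the process would exit.
func replayUnchecked(start uint64, recs []Entry) (ents []Entry, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("runtime panic: %v", r)
		}
	}()
	for _, e := range recs {
		if e.Index > start {
			ents = append(ents[:e.Index-start-1], e) // panics when the offset exceeds cap(ents)
		}
	}
	return ents, nil
}

// replayChecked validates the offset against the entries read so far and
// returns an error the caller can handle instead of panicking.
func replayChecked(start uint64, recs []Entry) ([]Entry, error) {
	var ents []Entry
	for _, e := range recs {
		if e.Index <= start {
			continue
		}
		up := e.Index - start - 1
		if up > uint64(len(ents)) {
			return nil, fmt.Errorf("%w: index %d, %d entries read", ErrIndexOutOfRange, e.Index, len(ents))
		}
		ents = append(ents[:up], e)
	}
	return ents, nil
}

func main() {
	// Constructed sample: the last record's index skips far past the entries read.
	recs := []Entry{{Index: 11, Data: "a"}, {Index: 12, Data: "b"}, {Index: 40, Data: "x"}}
	fmt.Println(replayUnchecked(10, recs))
	fmt.Println(replayChecked(10, recs))
}
```
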
If you have any questions or comments about this advisory:
| CPE | Name | Operator | Version |
|---|---|---|---|
| | go.etcd.io/etcd/v3 | lt | 3.4.10 |
| | go.etcd.io/etcd/v3 | ge | 3.4.0 |
| | go.etcd.io/etcd/v3 | lt | 3.3.23 |
github.com/etcd-io/etcd
github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf
github.com/etcd-io/etcd/commit/7d1cf640497cbcdfb932e619b13624112c7e3865
github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07
github.com/etcd-io/etcd/pull/11793
github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93
lists.fedoraproject.org/archives/list/[email protected]/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP
nvd.nist.gov/vuln/detail/CVE-2020-15112
pkg.go.dev/vuln/GO-2020-0005