Data Validation
The parseCompactionRetention function in embed/etcd.go allows the retention variable value to be negative and causes the node to execute the history compaction in a loop, taking more CPU than usual and spamming logs.
Find out more on this vulnerability in the security audit report
If you have any questions or comments about this advisory:
CPE | Name | Operator | Version |
---|---|---|---|
go.etcd.io/etcd | ge | 3.4.0-rc.0 | |
go.etcd.io/etcd | lt | 3.4.10 | |
go.etcd.io/etcd | lt | 3.3.23 |