CVE-2020-15106

NameCVE-2020-15106
DescriptionIn etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs968740

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
etcd (PTS)buster3.2.26+dfsg-3vulnerable
bullseye, sid3.2.26+dfsg-8vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
etcdsource(unstable)(unfixed)968740

Notes

https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2

Search for package or bug name: Reporting problems