CVE-2020-15106

NameCVE-2020-15106
DescriptionIn etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs968740

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
etcd (PTS)buster3.2.26+dfsg-3vulnerable
buster (security)3.2.26+dfsg-3+deb10u1vulnerable
bullseye3.3.25+dfsg-6fixed
bookworm3.4.23-4fixed
trixie, sid3.4.30-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
etcdsourceexperimental3.3.25+dfsg-1
etcdsource(unstable)3.3.25+dfsg-5968740

Notes

[buster] - etcd <no-dsa> (Minor issue)
https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2
Search for package or bug name: Reporting problems