CVE Vulnerability

CVE-2020-15112

In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.

4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93 Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/ Mailing List Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:etcd:etcd:*:*:*:*:*:*:*:*
cpe:2.3:a:etcd:etcd:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Information

Published : 2020-08-05 08:15

Updated : 2021-11-18 06:30

NVD link : CVE-2020-15112

Mitre link : CVE-2020-15112

Products Affected
No products.
CWE
CWE-129

Improper Validation of Array Index