Main Vulnerability Database Vulnerabilities #VU41650

#VU41650 Resource management error in etcd - CVE-2020-15106

Published: August 10, 2020

Vulnerability identifier: #VU41650

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-15106

CWE-ID: CWE-399

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
etcd

Software vendor:
CoreOS

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources with the application, as a large slice causes panic in decodeRecord method. A remote attacker can forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.

Remediation

Install updates from vendor's website.

External links

https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2

#VU41650 Resource management error in etcd - CVE-2020-15106

Description

Remediation

External links

Please verify you're human