Main Vulnerability Database Vulnerabilities #VU41624

#VU41624 Resource management error in etcd - CVE-2020-15112

Published: August 10, 2020

Vulnerability identifier: #VU41624

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-15112

CWE-ID: CWE-399

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
etcd

Software vendor:
CoreOS

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources with the application, as it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.

Remediation

Install updates from vendor's website.

External links

https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93

#VU41624 Resource management error in etcd - CVE-2020-15112

Description

Remediation

External links

Please verify you're human