Vulnerability identifier: #VU41650
Vulnerability risk: Medium
Exploitation vector: Network
Exploit availability: No
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources with the application, as a large slice causes panic in decodeRecord method. A remote attacker can forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.
Install updates from vendor's website.
Vulnerable software versions
etcd: 3.3.0 - 3.4.9
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.