VYPR
Low severityNVD Advisory· Published Aug 5, 2020· Updated Aug 4, 2024

Improper Input Validation in etcd

CVE-2020-15106

Description

In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
go.etcd.io/etcdGo
< 0.5.0-alpha.5.0.20200423152442-f4b650b51dc40.5.0-alpha.5.0.20200423152442-f4b650b51dc4

Affected products

26

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.