Moderate severity · NVD Advisory · Published Aug 5, 2020 · Updated Aug 4, 2024
Improper Input Validation in etcd
CVE-2020-15112
Description
In etcd before versions 3.3.23 and 3.4.10, the ReadAll method in wal/wal.go can encounter an entry index greater than the number of entries. This could cause issues when WAL entries are being read during consensus: an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.
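The failure mode described above, as an added example (a simplified model, not etcd's code): it assumes the log is rebuilt by slicing at an offset derived from each entry's index, and `Entry`, `replayUnchecked`, `replayChecked` and `panics` are hypothetical names. The unchecked loop panics on an index gap; the checked loop returns an error the caller can handle.

```go
package main

import (
	"errors"
	"fmt"
)

// Entry models a WAL log entry (hypothetical type, not etcd's own).
type Entry struct {
	Index uint64
	Data  string
}
var ErrIndexOutOfRange = errors.New("entry index beyond entries read so far")

// replayUnchecked trusts each index as a slice bound; a gap panics at runtime.
func replayUnchecked(start uint64, recs []Entry) (ents []Entry) {
	for _, e := range recs {
		if e.Index > start {
			ents = append(ents[:e.Index-start-1], e)
		}
	}
	return ents
}

// replayChecked rejects an offset larger than len(ents) instead of slicing.
func replayChecked(start uint64, recs []Entry) (ents []Entry, err error) {
	for _, e := range recs {
		if e.Index > start {
			off := e.Index - start - 1
			if off > uint64(len(ents)) {
				return nil, ErrIndexOutOfRange
			}
			ents = append(ents[:off], e)
		}
	}
	return ents, nil
}

// panics reports whether replayUnchecked panics on recs.
func panics(start uint64, recs []Entry) (p bool) {
	defer func() { p = recover() != nil }()
	replayUnchecked(start, recs)
	return false
}

func main() {
	gap := []Entry{{Index: 1, Data: "a"}, {Index: 5, Data: "b"}} // constructed input
	_, err := replayChecked(0, gap)
	fmt.Println("unchecked panics:", panics(0, gap), "| checked:", err)
}
```

The check compares against `len(ents)` rather than relying on the slice expression, because Go only panics when the bound exceeds the slice's capacity.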
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| go.etcd.io/etcd/v3 (Go) | < 3.3.23 | 3.3.23 |
| go.etcd.io/etcd/v3 (Go) | >= 3.4.0, < 3.4.10 | 3.4.10 |
Affected products
osv-coords, 23 versions (no CPE listed for any entry):

| Package | Affected range |
|---|---|
| pkg:apk/chainguard/dgraph | < 23.1.0-r6 |
| pkg:apk/chainguard/etcd-3.4 | < 3.4.36-r1 |
| pkg:apk/chainguard/etcd-3.4-bitnami-compat | < 3.4.36-r1 |
| pkg:apk/chainguard/etcd-3.4-iamguarded-compat | < 3.4.36-r1 |
| pkg:apk/chainguard/etcd-fips-3.4 | < 3.4.36-r1 |
| pkg:apk/chainguard/py3.10-etcd | < 0 |
| pkg:apk/chainguard/py3.11-etcd | < 0 |
| pkg:apk/chainguard/py3.12-etcd | < 0 |
| pkg:apk/chainguard/py3.13-etcd | < 0 |
| pkg:apk/chainguard/py3-etcd | < 0 |
| pkg:apk/chainguard/py3-supported-etcd | < 0 |
| pkg:apk/wolfi/dgraph | < 23.1.0-r6 |
| pkg:apk/wolfi/py3.10-etcd | < 0 |
| pkg:apk/wolfi/py3.11-etcd | < 0 |
| pkg:apk/wolfi/py3.12-etcd | < 0 |
| pkg:apk/wolfi/py3.13-etcd | < 0 |
| pkg:apk/wolfi/py3-etcd | < 0 |
| pkg:apk/wolfi/py3-supported-etcd | < 0 |
| pkg:bitnami/etcd | < 3.3.23 |
| pkg:golang/go.etcd.io/etcd/v3 | < 3.3.23 |
| pkg:rpm/opensuse/etcd&distro=openSUSE%20Leap%2015.5 | < 3.5.12-150000.7.6.1 |
| pkg:rpm/opensuse/etcd&distro=openSUSE%20Leap%2015.6 | < 3.5.12-150000.7.6.1 |
| pkg:rpm/suse/kubernetes&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP1 | < 1.17.13-4.21.2 |
References
- github.com/advisories/GHSA-m332-53r6-2w93 (ghsa, ADVISORY)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/ (mitre, vendor-advisory, x_refsource_FEDORA)
- nvd.nist.gov/vuln/detail/CVE-2020-15112 (ghsa, ADVISORY)
- github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf (ghsa, WEB)
- github.com/etcd-io/etcd/commit/7d1cf640497cbcdfb932e619b13624112c7e3865 (ghsa, WEB)
- github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07 (ghsa, WEB)
- github.com/etcd-io/etcd/pull/11793 (ghsa, WEB)
- github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93 (ghsa, x_refsource_CONFIRM, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP (ghsa, WEB)
- pkg.go.dev/vuln/GO-2020-0005 (ghsa, WEB)