CVE-2020-15112 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2020-15112

CVE-2020-15112

August 05, 2020

In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.

Related Resources (11)

https://github.com/etcd-io/etcd

https://access.redhat.com/security/cve/CVE-2020-15112

https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf

https://nvd.nist.gov/vuln/detail/CVE-2020-15112

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP

https://pkg.go.dev/vuln/GO-2020-0005

https://github.com/etcd-io/etcd/pull/11793

https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/

https://github.com/etcd-io/etcd/commit/7d1cf640497cbcdfb932e619b13624112c7e3865

https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07