Vulnerability Report: GO-2020-0005

CVE-2020-15106, CVE-2020-15112, and 2 more
Affects: go.etcd.io/etcd
Published: Apr 14, 2021
Modified: Jun 12, 2023

Malformed WALs can be constructed such that WAL.ReadAll can cause attempted out of bounds reads, or creation of arbitrarily sized slices, which may be used as a DoS vector.

Affected Packages

Path

Versions

Symbols
go.etcd.io/etcd/wal

before v0.5.0-alpha.5.0.20200423152442-f4b650b51dc4

Aliases

CVE-2020-15106
CVE-2020-15112
GHSA-m332-53r6-2w93
GHSA-p4g4-wgrh-qrg2

References

https://github.com/etcd-io/etcd/pull/11793
https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07
https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf
https://vuln.go.dev/ID/GO-2020-0005.json

Credits

Trail of Bits

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL