CVE-2020-15112

EPSS 0.12%
Published 05.08.2020 20:15:14
Last modified 21.11.2024 05:04:50
Source security-advisories@github.com
Teams watchlist Login
Open Login

In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.

Affected products Warnungen 0 Metrics 4 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Etcd ≫ Etcd Version < 3.3.23

Etcd ≫ Etcd Version >= 3.4.0 < 3.4.10

Fedoraproject ≫ Fedora Version32

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.318

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P
security-advisories@github.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/

https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-15112

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-15112

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-15112

EUVD