In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-08-05T19:05:13
Updated: 2021-01-04T02:06:12
Reserved: 2020-06-25T00:00:00
Link: CVE-2020-15106
JSON object: View
NVD Information
Status : Modified
Published: 2020-08-05T19:15:10.903
Modified: 2023-11-07T03:17:24.980
Link: CVE-2020-15106
JSON object: View
Redhat Information
No data.
CWE