CVE-2020-15114 - OpenCVE

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Etcd
Fedoraproject	Fedora

Configuration 1 [-]

OR	cpe:2.3:a:redhat:etcd::::::::
	cpe:2.3:a:redhat:etcd::::::::

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-08-06T22:25:12

Updated: 2021-01-04T02:06:14

Reserved: 2020-06-25T00:00:00

Link: CVE-2020-15114

JSON object: View

NVD Information

Status : Modified

Published: 2020-08-06T23:15:11.517

Modified: 2023-11-07T03:17:25.320

Link: CVE-2020-15114

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "etcd", "vendor": "etcd-io", "versions": [{"status": "affected", "version": "< 3.3.23"}, {"status": "affected", "version": "< 3.4.10"}]}], "descriptions": [{"lang": "en", "value": "In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "{\"CWE-400\":\"Uncontrolled Resource Consumption\"}", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-04T02:06:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224"}, {"name": "FEDORA-2020-cd43b84c16", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/"}], "source": {"advisory": "GHSA-2xhq-gv6c-p224", "discovery": "UNKNOWN"}, "title": "Denial of Service in etcd", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15114", "STATE": "PUBLIC", "TITLE": "Denial of Service in etcd"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "etcd", "version": {"version_data": [{"version_value": "< 3.3.23"}, {"version_value": "< 3.4.10"}]}}]}, "vendor_name": "etcd-io"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "{\"CWE-400\":\"Uncontrolled Resource Consumption\"}"}]}]}, "references": {"reference_data": [{"name": "https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224", "refsource": "CONFIRM", "url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224"}, {"name": "FEDORA-2020-cd43b84c16", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/"}]}, "source": {"advisory": "GHSA-2xhq-gv6c-p224", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15114", "datePublished": "2020-08-06T22:25:12", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2021-01-04T02:06:14", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:etcd:*:*:*:*:*:*:*:*", "matchCriteriaId": "44C58F4F-02EB-40DC-86CB-98D027FE7F84", "versionEndExcluding": "3.3.23", "versionStartIncluding": "3.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:etcd:*:*:*:*:*:*:*:*", "matchCriteriaId": "362ED3D1-DC14-4BC6-A565-39EA4CA7B061", "versionEndExcluding": "3.4.10", "versionStartIncluding": "3.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway."}, {"lang": "es", "value": "En etcd anteriores a las versiones 3.3.23 y 3.4.10, la puerta de enlace etcd es un proxy TCP simple para permitir el acceso y detecci\u00f3n de servicios b\u00e1sicos. Sin embargo, es posible incluir la direcci\u00f3n de la puerta de enlace como endpoint. Esto resulta en una denegaci\u00f3n de servicio, ya que el endpoint puede quedarse atrapado en un bucle de petici\u00f3n hasta que no haya m\u00e1s descriptores de archivo disponibles para aceptar conexiones en la puerta de enlace"}], "id": "CVE-2020-15114", "lastModified": "2023-11-07T03:17:25.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-08-06T23:15:11.517", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-772"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "security-advisories@github.com", "type": "Secondary"}]}