GHSA-m332-53r6-2w93: etcd's WAL `ReadAll` method vulnerable to an entry with large index causing panic

Vulnerability type

Data Validation

Detail

In the `ReadAll` method in wal/wal.go, it is possible to have an entry index greater than the number of entries. This could cause issues when WAL entries are being read during consensus, as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.
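The class of bug described above, as an added Go example that is not etcd's own code: a simplified replay loop that slices by an index taken from the record, next to a version that validates the offset first. The `Entry` type, both function names and `ErrIndexOutOfRange` are hypothetical, and the sample records are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// Entry is a hypothetical, simplified stand-in for a decoded WAL entry.
type Entry struct{ Index uint64 }

// ErrIndexOutOfRange is a hypothetical error for an index that skips past the entries read so far.
var ErrIndexOutOfRange = errors.New("wal: entry index out of range")

// replayUnchecked stores each record at offset Index-start-1, dropping any
// entries after it. The offset comes straight from the record, so an index
// beyond the slice capacity makes the slice expression panic at run time.
func replayUnchecked(start uint64, recs []Entry) []Entry {
	var ents []Entry
	for _, e := range recs {
		if e.Index > start {
			ents = append(ents[:e.Index-start-1], e)
		}
	}
	return ents
}

// replayChecked compares the offset with the number of entries collected so
// far and returns an error to the caller instead of panicking.
func replayChecked(start uint64, recs []Entry) ([]Entry, error) {
	var ents []Entry
	for _, e := range recs {
		if e.Index <= start {
			continue // at or before the snapshot position: nothing to store
		}
		off := e.Index - start - 1
		if off > uint64(len(ents)) {
			return nil, fmt.Errorf("%w: index %d with %d entries after %d", ErrIndexOutOfRange, e.Index, len(ents), start)
		}
		ents = append(ents[:off], e)
	}
	return ents, nil
}

func main() {
	recs := []Entry{{Index: 6}, {Index: 7}, {Index: 1 << 40}} // constructed sample
	_, err := replayChecked(5, recs)
	fmt.Println("checked:", err)
}
```

The check compares against `len(ents)` rather than `cap(ents)`, because slicing up to capacity does not panic but would treat never-written slots as valid entries.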

References

Find out more on this vulnerability in the security audit report

For more information

If you have any questions or comments about this advisory:


Moderate severity • GitHub Reviewed • Published Oct 6, 2022 in etcd-io/etcd • Updated Oct 6, 2022

Related news

Ubuntu Security Notice USN-5628-1

Ubuntu Security Notice 5628-1 - It was discovered that etcd incorrectly handled certain specially crafted WAL files. An attacker could possibly use this issue to cause a denial of service. It was discovered that etcd incorrectly handled directory permissions when trying to create a directory that exists already. An attacker could possibly use this issue to obtain sensitive information. It was discovered that etcd incorrectly handled endpoint setup. An attacker could possibly use this issue to cause a denial of service.