Headline
GHSA-p4g4-wgrh-qrg2: Improper Input Validation in etcd
Vulnerability type
Data Validation
Detail
The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.
References
Find out more on this vulnerability in the security audit report
For more information
If you have any questions or comments about this advisory:
- Contact the etcd security committee
Improper Input Validation in etcd
Low severity GitHub Reviewed Published Aug 5, 2020 in etcd-io/etcd • Updated Feb 7, 2023
Related news
Ubuntu Security Notice 5628-1 - It was discovered that etcd incorrectly handled certain specially crafted WAL files. An attacker could possibly use this issue to cause a denial of service. It was discovered that etcd incorrectly handled directory permissions when trying to create a directory that exists already. An attacker could possibly use this issue to obtain sensitive information. It was discovered that etcd incorrectly handled endpoint setup. An attacker could possibly use this issue to cause a denial of service.