
Headline

GHSA-p4g4-wgrh-qrg2: Improper Input Validation in etcd

Vulnerability type

Data Validation

Detail

The size of a record is stored in the length field of a WAL file, and no additional validation is done on this data. It is therefore possible to forge an extremely large frame size that causes a panic in any RAFT participant trying to decode the WAL.

References

Find out more on this vulnerability in the security audit report

For more information

If you have any questions or comments about this advisory:


Improper Input Validation in etcd

Low severity GitHub Reviewed Published Aug 5, 2020 in etcd-io/etcd • Updated Feb 7, 2023

Related news

Ubuntu Security Notice USN-5628-1

Ubuntu Security Notice 5628-1 - It was discovered that etcd incorrectly handled certain specially crafted WAL files. An attacker could possibly use this issue to cause a denial of service. It was discovered that etcd incorrectly handled directory permissions when trying to create a directory that exists already. An attacker could possibly use this issue to obtain sensitive information. It was discovered that etcd incorrectly handled endpoint setup. An attacker could possibly use this issue to cause a denial of service.