GHSA-m332-53r6-2w93

Suggest an improvement
Source
https://github.com/advisories/GHSA-m332-53r6-2w93
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-m332-53r6-2w93/GHSA-m332-53r6-2w93.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m332-53r6-2w93
Aliases
Published
2022-10-06T23:03:57Z
Modified
2023-12-06T01:00:15.424450Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
etcd's WAL `ReadAll` method vulnerable to an entry with large index causing panic
Details

Vulnerability type

Data Validation

Detail

In the ReadAll method in wal/wal.go, it is possible to have an entry index greater then the number of entries. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.

References

Find out more on this vulnerability in the security audit report

For more information

If you have any questions or comments about this advisory: * Contact the etcd security committee

Database specific
{
    "nvd_published_at": "2020-08-05T20:15:00Z",
    "cwe_ids": [
        "CWE-129",
        "CWE-20"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-10-06T23:03:57Z"
}
References

Affected packages

Go / go.etcd.io/etcd/v3

Package

Name
go.etcd.io/etcd/v3
View open source insights on deps.dev
Purl
pkg:golang/go.etcd.io/etcd/v3

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.3.23

Go / go.etcd.io/etcd/v3

Package

Name
go.etcd.io/etcd/v3
View open source insights on deps.dev
Purl
pkg:golang/go.etcd.io/etcd/v3

Affected ranges

Type
SEMVER
Events
Introduced
3.4.0
Fixed
3.4.10