CVE-2020-15112 MEDIUM

CVE-2020-15112: Improper Input Validation in etcd

Vendor Etcd-Io
Product etcd
Weakness CWE-20 · Input validation
Published August 5, 2020
Last update August 4, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus, as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.
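The class of bug described above, shown as an added Go example that is a simplified model and not etcd's own code: a reader that places each log entry at an offset derived from its index, first without and then with a bounds check. The `Entry` type, both function names, the error value and the sample records are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Entry stands in for a raft log entry (simplified, constructed for this example).
type Entry struct{ Index uint64 }

var ErrSliceOutOfRange = errors.New("wal: entry index out of range")

// readAllUnchecked trusts each entry's index when computing its slice offset.
func readAllUnchecked(start uint64, recs []Entry) (ents []Entry, err error) {
	defer func() { // recover only so the demo can report the panic as an error
		if r := recover(); r != nil {
			err = fmt.Errorf("runtime panic: %v", r)
		}
	}()
	for _, e := range recs {
		if e.Index > start {
			up := e.Index - start - 1
			ents = append(ents[:up], e) // panics once up exceeds cap(ents)
		}
	}
	return ents, nil
}

// readAllChecked validates the offset against the entries read so far.
func readAllChecked(start uint64, recs []Entry) ([]Entry, error) {
	var ents []Entry
	for _, e := range recs {
		if e.Index > start {
			up := e.Index - start - 1
			if up > uint64(len(ents)) { // index skips past what has been read
				return nil, ErrSliceOutOfRange
			}
			ents = append(ents[:up], e)
		}
	}
	return ents, nil
}

func main() {
	recs := []Entry{{Index: 1}, {Index: 2}, {Index: 1000}} // constructed records
	_, e1 := readAllUnchecked(0, recs)
	_, e2 := readAllChecked(0, recs)
	fmt.Println("unchecked:", e1, "| checked:", e2)
}
```

Go panics on `ents[:up]` only when the offset exceeds the slice's capacity; an offset between length and capacity would silently re-expose stale slots, which the length check also rejects.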

Key dates

02 Disclosure timeline

August 5, 2020 CVE published
August 4, 2024 Record updated