Bug 1868883 (CVE-2020-15106)
Summary: | CVE-2020-15106 etcd: Large slice causes panic in decodeRecord method | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | abishop, askrabec, bmontgom, dbecker, eparis, go-sig, gparvin, gscrivan, hvyas, jburrell, jcajka, jchaloup, jjoyce, jokerman, jramanat, jschluet, jweiser, kbasil, lacypret, lemenkov, lhh, lpeer, mburns, nstielau, puebele, rschiron, sbatsche, sclewis, slinaber, sponnaga, stcannon, strigazi, tfister, thee |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | etcd 3.4.10, etcd 3.3.23 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found In etcd, where a large slice causes panic in the decodeRecord method. The size of a record is stored in the length field of a WAL file, and no additional validation is performed on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL. The highest threat from this vulnerability is to system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-03-17 19:52:19 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1869286, 1868884, 1870189, 1870509, 1874769, 1874872, 1875653, 1875654, 1881175 | ||
Bug Blocks: | 1868882 |
Description
Dhananjay Arunesh
2020-08-14 06:39:12 UTC
Created etcd tracking bugs for this issue: Affects: fedora-all [bug 1868884] External References: https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2 Statement: * In Red Hat OpenShift Container Platform (RHOCP), the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable etcd to authenticated users only. * In Red Hat OpenStack Platform (RHOSP), the use of etcd is limited to the internal API network, which is not accessible to OpenStack tenants. The security impact for these products is therefore rated as Low. This issue has been addressed in the following products: Red Hat OpenStack Platform 16.1 Via RHSA-2021:0916 https://access.redhat.com/errata/RHSA-2021:0916 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-15106 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extras Via RHSA-2021:1407 https://access.redhat.com/errata/RHSA-2021:1407 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.8 Via RHSA-2021:2438 https://access.redhat.com/errata/RHSA-2021:2438 |