Bug 2236567 (CVE-2022-34038)

Summary: CVE-2022-34038 etcd: remote DoS via PageWriter.write
Product: [Other] Security Response Reporter: Anten Skrabec <askrabec>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecified
CC: abishop, eglynn, jjoyce, jschluet, lhh, mburns, mgarciac, nobody, pgrist
Target Milestone: ---
Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the etcd package. Affected versions of etcd allow remote attackers to cause a denial of service via the PageWriter.write function in pagewriter.go, possibly affecting system availability.
Bug Depends On: 2236593, 2236594, 2236595, 2236596, 2236597, 2236598, 2236599, 2236600, 2236601, 2236602, 2236640    
Bug Blocks: 2236604    

Description Anten Skrabec 2023-08-31 19:29:17 UTC
Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go

https://github.com/etcd-io/etcd/pull/14022
https://github.com/etcd-io/etcd/pull/14452

Comment 2 Avinash Hanwate 2023-09-01 04:30:07 UTC
Created etcd tracking bugs for this issue:

Affects: fedora-all [bug 2236640]