Bug 1868872 (CVE-2020-15112) - CVE-2020-15112 etcd: DoS in wal/wal.go
Summary: CVE-2020-15112 etcd: DoS in wal/wal.go
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-15112
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1890082 1868873 1870189 1870505 1874765 1874872 1875653 1875654 1881176
Blocks: 1868882
Reported: 2020-08-14 06:05 UTC by Dhananjay Arunesh
Modified: 2021-07-27 22:31 UTC (History)
CC List: 32 users

Fixed In Version: etcd 3.4.10, etcd 3.3.23
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in etcd: in the ReadAll method in wal/wal.go, a WAL entry can carry an index greater than the number of entries read so far, and that index is used as a slice bound without a range check. When WAL entries are replayed during consensus, an arbitrary etcd consensus participant can therefore crash with a runtime panic while reading such an entry. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed: 2021-03-17 19:51:53 UTC
Embargoed:

Links
System                   ID              Private  Priority  Status  Summary  Last Updated
Red Hat Product Errata   RHSA-2021:0916  0        None      None    None     2021-03-17 15:30:06 UTC
Red Hat Product Errata   RHSA-2021:2438  0        None      None    None     2021-07-27 22:31:24 UTC

Description Dhananjay Arunesh 2020-08-14 06:05:05 UTC
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.

References:
https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93
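The out-of-range slice bound described in the report, reduced to a runnable Go model. This is an added example, not etcd's own code: replayVulnerable mirrors the shape of the pre-fix entry branch in ReadAll, where the index carried by the on-disk entry is used directly as the slice bound, and replaySafe adds the range check that the upstream fix (the commit referenced in comment 8) introduces. The Entry type, the record sequences and the crafted index are constructed stand-ins for raftpb entries and WAL records, and ErrSliceOutOfRange is assumed here as the error name; replayPanics is a test helper that catches the crash so it can be observed without killing the process.

```go
package main

import (
	"errors"
	"fmt"
)

// Entry is a reduced stand-in for raftpb.Entry (assumption: only the
// fields the replay logic needs are modelled; Term/Type are omitted).
type Entry struct {
	Index uint64
	Data  string
}

// ErrSliceOutOfRange is the error returned instead of panicking
// (assumed name, modelled on the upstream fix).
var ErrSliceOutOfRange = errors.New("wal: slice bounds out of range")

// replayVulnerable reproduces the pre-3.4.10 / pre-3.3.23 shape of the
// entry branch in ReadAll. The slice bound e.Index-startIndex-1 comes
// straight from the record on disk; an index far beyond the entries read
// so far makes ents[:up] panic with "slice bounds out of range", which
// takes the whole etcd member down.
func replayVulnerable(startIndex uint64, recs []Entry) []Entry {
	var ents []Entry
	for _, e := range recs {
		if e.Index > startIndex {
			// Re-slicing to up and appending implements raft log overwrite:
			// an entry with an already-seen index truncates what follows it.
			ents = append(ents[:e.Index-startIndex-1], e)
		}
	}
	return ents
}

// replaySafe adds the bounds check: 0 <= e.Index-startIndex-1 <= len(ents)
// must hold before the slice expression runs. Checking against len rather
// than cap also rejects an index gap that would otherwise silently expose
// a zeroed or stale slot in the backing array.
func replaySafe(startIndex uint64, recs []Entry) ([]Entry, error) {
	var ents []Entry
	for _, e := range recs {
		if e.Index > startIndex {
			up := e.Index - startIndex - 1
			if up > uint64(len(ents)) {
				return nil, fmt.Errorf("%w: entry index %d, start index %d, %d entries read",
					ErrSliceOutOfRange, e.Index, startIndex, len(ents))
			}
			ents = append(ents[:up], e)
		}
	}
	return ents, nil
}

// replayPanics runs the vulnerable replay under recover and reports
// whether it panicked, so the crash can be demonstrated in-process.
func replayPanics(startIndex uint64, recs []Entry) (panicked bool) {
	defer func() {
		if r := recover(); r != nil {
			panicked = true
		}
	}()
	replayVulnerable(startIndex, recs)
	return false
}

func main() {
	// Constructed WAL contents: two ordinary entries followed by one whose
	// index is far beyond the number of entries replayed so far.
	recs := []Entry{{1, "put a"}, {2, "put b"}, {1 << 40, "crafted"}}
	if replayPanics(0, recs) {
		fmt.Println("vulnerable replay: runtime panic, the member would crash")
	}
	if _, err := replaySafe(0, recs); err != nil {
		fmt.Println("fixed replay:", err)
	}
}
```

The legitimate overwrite case (a re-sent entry with an index already present truncates the tail) still works after the fix because its slice bound is at most len(ents); only a bound beyond the entries actually read is rejected, and the error reaches the caller instead of terminating the process during WAL replay.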

Comment 1 Dhananjay Arunesh 2020-08-14 06:07:32 UTC
Created etcd tracking bugs for this issue:

Affects: fedora-all [bug 1868873]

Comment 2 Przemyslaw Roguski 2020-08-17 15:10:16 UTC
External References:

https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93

Comment 8 Riccardo Schirone 2020-08-27 14:54:23 UTC
Upstream patch seems to be:
https://github.com/etcd-io/etcd/commit/4571e528f49625d3de3170f219a45c3b3d38c675

Comment 12 Anten Skrabec 2020-09-04 01:41:09 UTC
Statement:

In Red Hat OpenShift Container Platform (RHOCP) the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable etcd to authenticated users only; therefore the impact of this vulnerability is Low.
A similar access restriction is in place in Red Hat OpenStack Platform (RHOSP), as etcd is limited to use within the internal API network, which is not accessible to any OpenStack tenants.

Comment 16 errata-xmlrpc 2021-03-17 15:29:57 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.1

Via RHSA-2021:0916 https://access.redhat.com/errata/RHSA-2021:0916

Comment 17 Product Security DevOps Team 2021-03-17 19:51:53 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-15112

Comment 18 errata-xmlrpc 2021-04-27 16:20:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extras

Via RHSA-2021:1407 https://access.redhat.com/errata/RHSA-2021:1407

Comment 19 errata-xmlrpc 2021-07-27 22:31:24 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.8

Via RHSA-2021:2438 https://access.redhat.com/errata/RHSA-2021:2438