Description
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/
Scores
CVSS v3
6.5
EPSS
0.0129
EPSS Percentile
66.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (3)
etcd/etcd
< 3.3.23
fedoraproject/fedora
32
go.etcd.io/etcd
0 - 0.5.0-alpha.5.0.20200423152442-f4b650b51dc4Go
Published
Aug 05, 2020
Tracked Since
Feb 18, 2026