blob: 249c6349524e0e79a3473a2632a3afce42a1449b [file] [log] [blame]
module: go.etcd.io/etcd
package: go.etcd.io/etcd/wal
versions:
- fixed: v0.5.0-alpha.5.0.20200423152442-f4b650b51dc4
description: |
Malformed WALs can be constructed such that [`WAL.ReadAll`][] can cause attempted
out of bounds reads, or creation of arbitarily sized slices, which may be used as
a DoS vector.
published: 2021-04-14T12:00:00Z
cve: CVE-2020-15106
credit: Trail of Bits
symbols:
- WAL.ReadAll
- decoder.decodeRecord
links:
pr: https://github.com/etcd-io/etcd/pull/11793
commit: https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07
context:
- https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf