reports/GO-2020-0005.yaml - vulndb - Git at Google

 module: go.etcd.io/etcd
 package: go.etcd.io/etcd/wal
 versions:
   - fixed: v0.5.0-alpha.5.0.20200423152442-f4b650b51dc4
 description: |
   Malformed WALs can be constructed such that [`WAL.ReadAll`][] can cause attempted
   out of bounds reads, or creation of arbitarily sized slices, which may be used as
   a DoS vector.
 published: 2021-04-14T12:00:00Z
 cve: CVE-2020-15106
 credit: Trail of Bits
 symbols:
   - WAL.ReadAll
   - decoder.decodeRecord
 links:
   pr: https://github.com/etcd-io/etcd/pull/11793
   commit: https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07
   context:
     - https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf
	module: go.etcd.io/etcd
	package: go.etcd.io/etcd/wal
	versions:
	- fixed: v0.5.0-alpha.5.0.20200423152442-f4b650b51dc4
	description: \|
	Malformed WALs can be constructed such that [`WAL.ReadAll`][] can cause attempted
	out of bounds reads, or creation of arbitarily sized slices, which may be used as
	a DoS vector.
	published: 2021-04-14T12:00:00Z
	cve: CVE-2020-15106
	credit: Trail of Bits
	symbols:
	- WAL.ReadAll
	- decoder.decodeRecord
	links:
	pr: https://github.com/etcd-io/etcd/pull/11793
	commit: https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07
	context:
	- https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf