reports/GO-2020-0005.yaml - vulndb - Git at Google

 packages:
   - module: go.etcd.io/etcd
     package: go.etcd.io/etcd/wal
     symbols:
       - WAL.ReadAll
       - decoder.decodeRecord
     versions:
       - fixed: v0.5.0-alpha.5.0.20200423152442-f4b650b51dc4
 description: |
     Malformed WALs can be constructed such that WAL.ReadAll can cause attempted
     out of bounds reads, or creation of arbitrarily sized slices, which may be used as
     a DoS vector.
 published: 2021-04-14T20:04:52Z
 cves:
   - CVE-2020-15106
   - CVE-2020-15112
 credit: Trail of Bits
 links:
     pr: https://github.com/etcd-io/etcd/pull/11793
     commit: https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07
     context:
       - https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf
	packages:
	- module: go.etcd.io/etcd
	package: go.etcd.io/etcd/wal
	symbols:
	- WAL.ReadAll
	- decoder.decodeRecord
	versions:
	- fixed: v0.5.0-alpha.5.0.20200423152442-f4b650b51dc4
	description: \|
	Malformed WALs can be constructed such that WAL.ReadAll can cause attempted
	out of bounds reads, or creation of arbitrarily sized slices, which may be used as
	a DoS vector.
	published: 2021-04-14T20:04:52Z
	cves:
	- CVE-2020-15106
	- CVE-2020-15112
	credit: Trail of Bits
	links:
	pr: https://github.com/etcd-io/etcd/pull/11793
	commit: https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07
	context:
	- https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf