blob: f1cebac820459c1eae73e7c3e5084c66999c5064 [file] [log] [blame]
id: GO-2020-0005
modules:
- module: go.etcd.io/etcd
versions:
- fixed: 0.5.0-alpha.5.0.20200423152442-f4b650b51dc4
vulnerable_at: 0.5.0-alpha.5.0.20200422225029-2369cb367873
packages:
- package: go.etcd.io/etcd/wal
symbols:
- WAL.ReadAll
- decoder.decodeRecord
derived_symbols:
- Create
- Repair
- Verify
summary: Panic due to malformed WALs in go.etcd.io/etcd
description: |-
Malformed WALs can be constructed such that WAL.ReadAll can cause attempted out
of bounds reads, or creation of arbitrarily sized slices, which may be used as a
DoS vector.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2020-15106
- CVE-2020-15112
ghsas:
- GHSA-m332-53r6-2w93
- GHSA-p4g4-wgrh-qrg2
credits:
- Trail of Bits
references:
- fix: https://github.com/etcd-io/etcd/pull/11793
- fix: https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07
- web: https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf
review_status: REVIEWED