PT-2020-14189 · Etcd+4
Spzala · Published 2020-08-05 · Updated 2025-01-07
CVE-2020-15106
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
etcd versions 3.3.0 through 3.3.22
etcd versions 3.4.0 through 3.4.9
Description
The size of a record, stored in the length field of a WAL file, is not validated. A forged, extremely large frame size can therefore cause a panic in the decodeRecord method when any RAFT participant tries to decode the WAL. Malformed WALs can also cause attempted out-of-bounds reads or the creation of arbitrarily sized slices, which can be used as a Denial of Service (DoS) vector. A related problem arises in the ReadAll method, where an entry index can be greater than the number of entries, leading to failures when reading WAL entries during consensus.
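The missing check described above, shown as an added example that is not etcd's own code: a length-prefixed record reader that validates the length field against a cap and the bytes remaining in the file before allocating. The framing (8-byte little-endian length, then payload), `maxRecordSize`, `frame` and `readRecord` are assumptions made for this sketch and do not reproduce etcd's actual WAL encoding.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

const maxRecordSize = 10 << 20 // cap assumed for this sketch, not an etcd constant
var errBadLength = errors.New("record length exceeds cap or remaining bytes")

// frame builds a constructed sample: 8-byte little-endian length + payload.
func frame(n uint64, payload []byte) []byte {
	hdr := make([]byte, 8)
	binary.LittleEndian.PutUint64(hdr, n)
	return append(hdr, payload...)
}

// readRecord decodes one simplified frame; remaining = bytes left in the file.
func readRecord(r io.Reader, remaining int64) ([]byte, int64, error) {
	if remaining < 8 {
		return nil, remaining, io.ErrUnexpectedEOF
	}
	var hdr [8]byte
	if _, err := io.ReadFull(r, hdr[:]); err != nil {
		return nil, remaining, err
	}
	remaining -= 8
	n := binary.LittleEndian.Uint64(hdr[:])
	// Validate before allocating: a forged length must never size a slice.
	if n > maxRecordSize || n > uint64(remaining) {
		return nil, remaining, errBadLength
	}
	buf := make([]byte, n)
	if _, err := io.ReadFull(r, buf); err != nil {
		return nil, remaining, err
	}
	return buf, remaining - int64(n), nil
}

func main() {
	// Constructed input: one valid frame, then a frame claiming 2^62 bytes.
	data := append(frame(5, []byte("hello")), frame(1<<62, []byte("x"))...)
	r := bytes.NewReader(data)
	rec, left, err := readRecord(r, int64(len(data)))
	_, _, forged := readRecord(r, left)
	fmt.Printf("%q err=%v; forged frame: %v\n", rec, err, forged)
}
```

The forged frame is rejected with an error the caller can handle, so the process neither panics nor attempts the allocation.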
Recommendations
For etcd versions 3.3.0 through 3.3.22, update to version 3.3.23 or later.
For etcd versions 3.4.0 through 3.4.9, update to version 3.4.10 or later.
As a temporary workaround, consider restricting access to the WAL file to minimize the risk of exploitation. Avoid using the decodeRecord method until the issue is resolved.
Exploit
Fix
DoS
RCE
Improper Validation of Array Index
Related Identifiers
Affected Products
Alt Linux
Linuxmint
Suse
Ubuntu
Etcd