CVE-2020-15114

Published: Aug 6, 2020Modified: Nov 21, 2024

7.7

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Exploitability: 3.1 / Impact: 4.0

Source: NVD

Description

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.

Affected (3)

Products: Redhat: Etcd · Fedoraproject: Fedora

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Etcd	From 3.3.0 to 3.3.23
Redhat Etcd	From 3.4.0 to 3.4.10

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 32

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

References (4)

https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224

Source: security-advisories@github.com

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/

Source: security-advisories@github.com

https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.