You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.
CVE-2020-15114 - High Severity Vulnerability
Vulnerable Library - github.com/etcd-io/etcd-v3.1.20
Distributed reliable key-value store for the most critical data of a distributed system
Dependency Hierarchy:
Found in HEAD commit: 549c2321b216d811654d8e364e811dbca812a5a6
Found in base branch: master
Vulnerability Details
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.
Publish Date: 2020-08-06
URL: CVE-2020-15114
CVSS 3 Score Details (7.7)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://github.com/etcd-io/etcd/tree/v3.4.10
Release Date: 2020-07-21
Fix Resolution: 3.4.10, 3.3.23
The text was updated successfully, but these errors were encountered: