Описание
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.
A flaw was found In etcd, where a large slice causes panic in the decodeRecord method. The size of a record is stored in the length field of a WAL file, and no additional validation is performed on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL. The highest threat from this vulnerability is to system availability.
Отчет
- In Red Hat OpenShift Container Platform (RHOCP), the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable etcd to authenticated users only.
- In Red Hat OpenStack Platform (RHOSP), the use of etcd is limited to the internal API network, which is not accessible to OpenStack tenants. The security impact for these products is therefore rated as Low.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | etcd | Not affected | ||
| Red Hat OpenStack Platform 15 (Stein) | etcd | Fix deferred | ||
| Red Hat Storage 3 | etcd | Affected | ||
| Red Hat Enterprise Linux 7 Extras | etcd | Fixed | RHSA-2021:1407 | 27.04.2021 |
| Red Hat OpenShift Container Platform 4.8 | openshift4/ose-etcd | Fixed | RHSA-2021:2438 | 27.07.2021 |
| Red Hat OpenStack Platform 16.1 | etcd | Fixed | RHSA-2021:0916 | 17.03.2021 |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic ...
6.5 Medium
CVSS3