Описание
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.
A flaw was found in etcd, where the etcd gateway is a simple TCP proxy that allows basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This issue results in a denial of service since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway. The highest threat from this vulnerability is to system availability.
Отчет
In the Red Hat OpenShift Container Platform (RHOCP), the vulnerable ectd is used in the ose-etcd-container. The etcd gateway uses version 2 API which is not used by OCP, hence the impact of this vulnerability is Low. In Red Hat OpenStack Platform (RHOSP) does not use the etcd gateway and as well its use is limited to within the internal API network, which is not accessible to any OpenStack tenants.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | etcd | Not affected | ||
| Red Hat Enterprise Linux 7 | etcd | Affected | ||
| Red Hat OpenStack Platform 15 (Stein) | etcd | Fix deferred | ||
| Red Hat Storage 3 | etcd | Affected | ||
| Red Hat OpenShift Container Platform 4.8 | openshift4/ose-etcd | Fixed | RHSA-2021:2438 | 27.07.2021 |
| Red Hat OpenStack Platform 16.1 | etcd | Fixed | RHSA-2021:0916 | 17.03.2021 |
Показывать по
Дополнительная информация
Статус:
7.7 High
CVSS3
Связанные уязвимости
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simpl ...
Etcd Gateway can include itself as an endpoint resulting in resource exhaustion
7.7 High
CVSS3