SB2021050608 - Red Hat Enterprise Linux 7 Extras update for etcd 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021050608

SB2021050608 - Red Hat Enterprise Linux 7 Extras update for etcd

Published: May 6, 2021

Security Bulletin ID SB2021050608
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Resource management error (CVE-ID: CVE-2020-15106)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources with the application, as a large slice causes panic in decodeRecord method. A remote attacker can  forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.


2) Resource management error (CVE-ID: CVE-2020-15112)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources with the application, as it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.


Remediation

Install update from vendor's website.

References