Vulnerability CVE-2020-15106

Vulnerability Name:

CVE-2020-15106 (CCN-186329)

Assigned:

2020-08-04

Published:

2020-08-04

Updated:

2021-11-18

Summary:

In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.

CVSS v3 Severity:

6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-15106

Source: XF
Type: UNKNOWN
etcd-cve202015106-dos(186329)

Source: CCN
Type: etcd GIT Repository
A large slice causes panic in decodeRecord method

Source: CONFIRM
Type: Third Party Advisory
https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-cd43b84c16

Source: CCN
Type: IBM Security Bulletin 6410854 (API Connect)
IBM API Connect is vulnerable to denial of service (DoS) via etcd (CVE-2020-15106 CVE-2020-15112 CVE-2020-15113)

Source: CCN
Type: IBM Security Bulletin 6417459 (Cloud Private)
IBM Cloud Private is vulnerable to etcd vulnerabilities (CVE-2020-15106, CVE-2020-15112, CVE-2020-15113)

Source: CCN
Type: IBM Security Bulletin 6599703 (Db2 On Openshift)
Multiple vulnerabilities affect IBM Db2 On Openshift and IBM Db2 and Db2 Warehouse on Cloud Pak for Data

Source: CCN
Type: IBM Security Bulletin 6991619 (Edge Application Manager)
Open Source Dependency Vulnerability

Vulnerable Configuration:

Configuration 1:

cpe:/a:etcd:etcd:*:*:*:*:*:*:*:* (Version < 3.3.23)

OR cpe:/a:etcd:etcd:*:*:*:*:*:*:*:* (Version >= 3.4.0 and < 3.4.10)

Configuration 2:

cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:etcd:etcd:3.4.9:*:*:*:*:*:*:*

AND

cpe:/a:ibm:api_connect:2018.4.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:2018.4.1.13:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:10.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:10.0.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:db2_warehouse:3.5:-:*:*:*:*:*:*

OR cpe:/a:ibm:db2_warehouse:4.0:-:*:*:*:*:*:*

OR cpe:/a:ibm:db2:3.5:-:*:*:*:*:*:*

OR cpe:/a:ibm:db2:4.0:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:3783	P	Security update for the Linux Kernel (Important)	2022-07-21
oval:org.opensuse.security:def:112199	P	etcd-3.4.16-3.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:105730	P	etcd-3.4.16-3.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:97459	P	Security changes in Kubernetes, etcd, and helm; Bugfix in cri-o package (Moderate)	2020-12-23
oval:org.opensuse.security:def:64872	P	Security changes in Kubernetes, etcd, and helm; Bugfix in cri-o package (Moderate)	2020-12-23
oval:org.opensuse.security:def:104149	P	Security changes in Kubernetes, etcd, and helm; Bugfix in cri-o package (Moderate)	2020-12-23
oval:org.opensuse.security:def:90494	P	Security changes in Kubernetes, etcd, and helm; Bugfix in cri-o package (Moderate)	2020-12-23
oval:org.opensuse.security:def:109676	P	Security changes in Kubernetes, etcd, and skuba; Bugfix in cri-o package and make helm3 the default helm (Important)	2020-12-11

BACK