CVE-2020-15114

Published: 6 August 2020

In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.
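A configuration check for the condition described above, as an added example that is not part of the advisory or of etcd's code: it flags any endpoint that points back at the gateway's own listen address. The function names and the `local_hosts` parameter are hypothetical, and the addresses are constructed samples.

```python
import ipaddress

def split_host_port(addr):
    """Split 'host:port' or '[v6]:port' (optional scheme) into (host, port)."""
    host, sep, port = addr.strip().split("://", 1)[-1].rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"expected host:port, got {addr!r}")
    return host.strip("[]").lower(), int(port)

def canonical(host):
    """IP literals become ip_address objects; other names stay strings."""
    if host == "localhost":          # simplification: treat as IPv4 loopback
        host = "127.0.0.1"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host
    return getattr(ip, "ipv4_mapped", None) or ip

def self_referencing_endpoints(listen_addr, endpoints, local_hosts=()):
    """Return endpoints that would make the gateway proxy to itself.

    local_hosts: names/addresses the operator knows reach this gateway
    (hypothetical parameter; no DNS lookups are made).
    """
    l_host, l_port = split_host_port(listen_addr)
    l_ip = canonical(l_host)
    wildcard = l_host == "" or getattr(l_ip, "is_unspecified", False)
    local = {canonical(h.lower()) for h in local_hosts}
    flagged = []
    for ep in endpoints:
        host, port = split_host_port(ep)
        if port != l_port:
            continue                 # different port: not this listener
        ip = canonical(host)
        hit = ip == l_ip or ip in local
        if wildcard:                 # bound to all addresses: be conservative
            hit = (hit or getattr(ip, "is_loopback", False)
                   or getattr(ip, "is_unspecified", False))
        if hit:
            flagged.append(ep)
    return flagged

if __name__ == "__main__":
    # Constructed sample configuration, not taken from the advisory.
    eps = ["10.0.0.11:2379", "localhost:23790", "127.0.0.1:2379"]
    print(self_referencing_endpoints("127.0.0.1:23790", eps))
```

Run it against the gateway's configured listen address and endpoint list before starting the proxy; an empty result means no endpoint loops back to the listener.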

Priority

Medium

CVSS 3 base score: 7.7

Status

Package: etcd

Release    Status
bionic     Needed
focal      Released (3.2.26+dfsg-6ubuntu0.1)
groovy     Ignored (reached end-of-life)
hirsute    Ignored (reached end-of-life)
impish     Not vulnerable (3.3.23)
jammy      Not vulnerable (3.3.23)
precise    Does not exist
trusty     Does not exist
upstream   Released (3.3.23, 3.4.10)
xenial     Ignored (end of standard support, was needs-triage)

Patches:
upstream: https://github.com/etcd-io/etcd/commit/f6b822dfe85c9f004c7188496e8573bdaa582260 (3.3.23)