CVE-2020-15112: Improper Validation of Array Index

October 6, 2022

In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.

References

github.com/advisories/GHSA-m332-53r6-2w93
github.com/etcd-io/etcd/commit/7d1cf640497cbcdfb932e619b13624112c7e3865
github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93
nvd.nist.gov/vuln/detail/CVE-2020-15112

Detect and mitigate CVE-2020-15112 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →