Security Advisories

CGA-qqqh-524x-wg52

Published

Last updated

https://images.chainguard.dev/security/CGA-qqqh-524x-wg52

Package

dgraph

Latest Update

Fixed

Fixed Version

23.1.0-r6

Aliases

CVE-2020-15106
GHSA-p4g4-wgrh-qrg2

Severity

3.7

Low

CVSS V3

Summary

Panic due to malformed WALs in go.etcd.io/etcd

Description

Vulnerability type

Data Validation

Detail

The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.

Specific Go Packages Affected

github.com/etcd-io/etcd/wal

References

Find out more on this vulnerability in the security audit report

For more information

If you have any questions or comments about this advisory:

Contact the etcd security committee

References

https://nvd.nist.gov/vuln/detail/CVE-2020-15106
https://github.com/advisories/GHSA-p4g4-wgrh-qrg2
https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2
https://github.com/etcd-io/etcd/pull/11793
https://github.com/etcd-io/etcd/commit/4571e528f49625d3de3170f219a45c3b3d38c675
https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07
https://github.com/etcd-io/etcd
https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP
https://pkg.go.dev/vuln/GO-2020-0005

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-qqqh-524x-wg52

Severity

Summary

Description

Vulnerability type

Detail

Specific Go Packages Affected

References

For more information

References

Updates

Product

Why Chainguard

Customers

Company

Resources