etcd having a negative value for cluster node size results in an index out-of-bound panic during service discovery

Low severity GitHub Reviewed Published Aug 5, 2020 in etcd-io/etcd • Updated Jan 12, 2023

Package

gomod go.etcd.io/etcd/client/v3 (Go)

Affected versions

>= 3.4.0, < 3.4.10
< 3.3.23

Patched versions

3.4.10
3.3.23

Description

Vulnerability type

Data Validation

Detail

When an etcd instance attempts to perform service discovery, if a cluster size is provided as a negative value, the etcd instance will panic without recovery.

References

Find out more on this vulnerability in the security audit report

For more information

If you have any questions or comments about this advisory:

References

@spzala spzala published to etcd-io/etcd Aug 5, 2020
Published to the GitHub Advisory Database Oct 6, 2022
Reviewed Oct 6, 2022
Last updated Jan 12, 2023

Severity

Low

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-9gp7-6833-wv89

Source code
