CVE-2020-15112 Improper Input Validation in etcd

🗓️ 05 Aug 2020 20:00:15Reported by GitHub_MType

Improper Input Validation in etcd, possible index issue during ReadAll

Reporter	Title	Published	Views	Family All 102
IBM Security Bulletins	Security Bulletin: IBM API Connect is vulnerable to denial of service (DoS) via etcd (CVE-2020-15106 CVE-2020-15112 CVE-2020-15113)	2 Feb 202113:37	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM® Db2® On Openshift and IBM® Db2® and Db2 Warehouse® on Cloud Pak for Data	29 Jun 202217:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in go.etcd.io/etcd package affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data	6 Dec 202316:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Private is vulnerable to etcd vulnerabilities (CVE-2020-15106, CVE-2020-15112, CVE-2020-15113)	26 Feb 202114:21	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Dependency Vulnerability	15 May 202318:36	–	ibm
ALT Linux	Security fix for the ALT Linux 10 package etcd version 3.4.13-alt1	5 Sep 202000:00	–	altlinux
ATTACKERKB	CVE-2020-15112	5 Aug 202020:15	–	attackerkb
CBLMariner	CVE-2020-15112 affecting package etcd for versions less than 3.5.0-3	9 Apr 202206:52	–	cbl_mariner
Tenable Nessus	CentOS 7 : etcd (RHSA-2021:1407)	9 Oct 202400:00	–	nessus
Tenable Nessus	Fedora 32 : etcd (2020-cd43b84c16)	4 Jan 202100:00	–	nessus

[
  {
    "product": "etcd",
    "vendor": "etcd-io",
    "versions": [
      {
        "status": "affected",
        "version": "< 3.3.23"
      },
      {
        "status": "affected",
        "version": "< 3.4.10"
      }
    ]
  }
]

Source	Link
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/
github	www.github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93

04 Jan 2021 02:06Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.16.5

EPSS0.00113

CWE-20