CVE-2022-34038

2023-08-2219:16:23

Debian Security Bug Tracker

security-tracker.debian.org

etcd

v3.5.4

dos

vulnerability

pagewriter.write

function

pagewriter.go

denial of service

unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.003

Percentile

71.0%

JSON

Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor’s position is that this is not a vulnerability.

OSVersionArchitecturePackageVersionFilename
Debian12alletcd<= 3.4.23-4etcd_3.4.23-4_all.deb
Debian11alletcd<= 3.3.25+dfsg-6etcd_3.3.25+dfsg-6_all.deb
Debian999alletcd<= 3.5.15-7etcd_3.5.15-7_all.deb
Debian13alletcd<= 3.5.15-7etcd_3.5.15-7_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	etcd	<= 3.4.23-4	etcd_3.4.23-4_all.deb
Debian	11	all	etcd	<= 3.3.25+dfsg-6	etcd_3.3.25+dfsg-6_all.deb
Debian	999	all	etcd	<= 3.5.15-7	etcd_3.5.15-7_all.deb
Debian	13	all	etcd	<= 3.5.15-7	etcd_3.5.15-7_all.deb