400 matches found
etcd: Large slice causes panic in decodeRecord method
A flaw was found in etcd, where a large slice causes panic in the decodeRecord method. The size of a record is stored in the length field of a WAL file, and no additional validation is performed on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionall...
Serverless Storage at the Edge (EdgeKV Beta)
We are pleased to announce the launch of EdgeKV, our distributed key-value store, into beta! EdgeKV is enabling technology for EdgeWorkers, our serverless computing platform that enables developers to create services using JavaScript and deploy them across our platform. When writing JavaScript,...
EdgeKV: Serverless Storage at the Edge
We are pleased to announce the launch of EdgeKV, our distributed key-value store, into beta! EdgeKV is enabling technology for EdgeWorkers, our serverless computing platform that enables developers to create services using JavaScript and deploy them across our platform. When writing JavaScript,...
[SECURITY] Fedora 32 Update: etcd-3.4.13-1.fc32
Distributed reliable key-value store for the most critical data of a distributed system...
What's the Value of a Key-Value Store?
A database back end for your application is vital, and odds are that your database is a relational database or a "not only SQL" NoSQL database. Relational databases have dominated the software industry for decades, even as other technologies have radically changed around it. A relational database...
NICER Protocol Deep Dive: Internet Exposure of etcd
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
NICER Protocol Deep Dive: Internet Exposure of memcached
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
NICER Protocol Deep Dive: Internet Exposure of Redis
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
Consul by HashiCorp: from Infoleak to RCE
Consul is a software first released in 2014 for DNS-based service discovery. It provides distributed key-value storage, segmentation, and configuration. Registered services and nodes can be queried using a DNS interface or an HTTP interface. (Wikipedia) Basically, Consul ensures the coherence of...
RUSTSEC-2020-0149 Data race and memory safety issue in `Index`
The appendix crate implements a key-value mapping data structure called Index that is stored on disk. The crate allows for any type to inhabit the generic K and V type parameters and implements Send and Sync for them unconditionally. Using a type that is not marked as Send or Sync with Index can...
Data race and memory safety issue in `Index`
The appendix crate implements a key-value mapping data structure called Index that is stored on disk. The crate allows for any type to inhabit the generic K and V type parameters and implements Send and Sync for them unconditionally. Using a type that is not marked as Send or Sync with Index can...
hyperv-daemons bug fix and enhancement update
The hyperv-daemons packages provide a suite of daemons that are needed when an AlmaLinux guest is running on Microsoft Hyper-V. The following daemons are included: - hypervkvpd, the guest Hyper-V Key-Value Pair (KVP) daemon - hypervvssd, the implementation of Hyper-V VSS functionality - hypervfcopyd...
Prototype Pollution
typeorm is vulnerable to prototype pollution. The mergeDeep function of OrmUtils.ts fails to validate the Object key value ...sources parameter, allowing an attacker to perform prototype pollution attacks by providing built-in properties such as proto...
OSV-2020-279 Global-buffer-overflow in lex_multiline_string
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18562 Crash type: Global-buffer-overflow READ 3 Crash state: lexmultilinestring lexnext parsekeyvalue...
CVE-2020-14163
An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Operations with key/value pairs did not consider the case where garbage collection is triggered after the key operation but before the value operation, as demonstrated by improper read access to memory in...
Input validation
An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Operations with key/value pairs did not consider the case where garbage collection is triggered after the key operation but before the value operation, as demonstrated by improper read access to memory in...
CVE-2020-14163
An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Operations with key/value pairs did not consider the case where garbage collection is triggered after the key operation but before the value operation, as demonstrated by improper read access to memory in...
The vulnerability of the SVGKeyValuePairs function in the ImageMagick console-based graphics editor allows a hacker to trigger a service failure.
The vulnerability of the SVGKeyValuePairs function coders/svg.c in the ImageMagick console-based graphics editor is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions using a specially crafted image...
Fedora: Security Advisory for etcd (FEDORA-2020-279c61dd70)
The remote host is missing an update for the...
[SECURITY] Fedora 30 Update: etcd-3.3.12-5.20190413gitf29b1ad.fc30
A highly-available key value store for shared configuration...