5 matches found
EUVD-2023-0749
Malicious code in bioql PyPI...
GHSA-P4G4-WGRH-QRG2 Panic due to malformed WALs in go.etcd.io/etcd
Vulnerability type: Data Validation. Detail: The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant tryi...
etcd: Large slice causes panic in decodeRecord method
A flaw was found in etcd, where a large slice causes panic in the decodeRecord method. The size of a record is stored in the length field of a WAL file, and no additional validation is performed on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionall...
CVE-2020-15106
CVE-2020-15106 affects etcd prior to versions 3.3.23 and 3.4.10. A large slice is stored in the WAL file length field with no further validation, enabling forging an extremely large frame size that can cause a panic when RAFT participants decode the WAL. Public details come from multiple sources ...
PT-2020-14194 · Etcd +4
Name of the Vulnerable Software and Affected Versions: etcd versions 3.3.0 through 3.3.22; etcd versions 3.4.0 through 3.4.9. Description: The issue is related to data validation in the ReadAll method in wal/wal.go, where it is possible to have an entry index greater than the number of entries. Thi...