Veracode Vulnerability DatabaseVERACODE:42940Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
49.2%
github.com/etcd-io/etcd is vulnerable to Denial of Service (DoS) attacks… The vulnerability exists because the PageWriter.write function does not properly handle large requests, which an attacker to exploit this vulnerability by sending a specially crafted request that is larger than the expected size, causing the application to crash, resulting in a denial of service.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/etcd-io/etcd | le | v3.5.0-beta.1 | |
| github.com/etcd-io/etcd | le | v3.5.0-beta.1 |
References
github.com/advisories/GHSA-65rp-cv85-263x
github.com/etcd-io/etcd/commit/37220a97dcfb3e75a98b6c756778bc6fcaa03563
github.com/etcd-io/etcd/pull/14022
github.com/etcd-io/etcd/pull/14452
github.com/golang/vulndb/issues/2016#issuecomment-1698677762
go-review.googlesource.com/c/vulndb/+/524456
go-review.googlesource.com/c/vulndb/+/524456/2/data/excluded/GO-2023-2016.yaml
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
49.2%