CVE-2020-15106 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-15106 Interim 1 25 2023-02-11T01:00:10Z current 2021-05-30T14:41:46Z 2023-02-11T01:00:10Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-15106 In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2020-December/007989.html E-Mail link for SUSE-CU-2020:783-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/007991.html E-Mail link for SUSE-CU-2020:785-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/007994.html E-Mail link for SUSE-CU-2020:788-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/007995.html E-Mail link for SUSE-CU-2020:789-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/007997.html E-Mail link for SUSE-CU-2020:791-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/007998.html E-Mail link for SUSE-CU-2020:793-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008028.html E-Mail link for SUSE-CU-2020:822-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008031.html E-Mail link for SUSE-CU-2020:825-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008037.html E-Mail link for SUSE-CU-2020:831-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008038.html E-Mail link for SUSE-CU-2020:832-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008039.html E-Mail link for SUSE-CU-2020:833-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008040.html E-Mail link for SUSE-CU-2020:834-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008044.html E-Mail link for SUSE-CU-2020:837-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008054.html E-Mail link for SUSE-CU-2020:848-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008055.html E-Mail link for SUSE-CU-2020:849-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008056.html E-Mail link for SUSE-CU-2020:850-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008057.html E-Mail link for SUSE-CU-2020:851-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008058.html E-Mail link for SUSE-CU-2020:852-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/007973.html E-Mail link for SUSE-SU-2020:3760-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/007972.html E-Mail link for SUSE-SU-2020:3761-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Container caasp/v4/coredns:1.6.7 Container caasp/v4/etcd:3.4.13 Container caasp/v4/helm-tiller:2.16.12 Container caasp/v4/hyperkube:v1.17.17 Container caasp/v4/kubernetes-client:1.17.17 Container caasp/v4/kucero:1.3.0 Container caasp/v4/kured:1.3.0 SUSE CaaS Platform 4.0 SUSE CaaS Platform 4.5 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Linux Enterprise Module for Containers 15 SP1 openSUSE Tumbleweed caasp-release-4.2.4-24.36.1 caasp-release-4.5.2-1.8.2 coredns-1.6.7-3.13.1 cri-o-1.16.1-3.37.3 cri-o-1.18-1.18.4-4.3.2 cri-o-1.18-kubeadm-criconfig-1.18.4-4.3.2 cri-o-kubeadm-criconfig-1.16.1-3.37.3 etcd-3.4.13-4.15.1 etcd-3.4.16-3.1 etcdctl-3.4.13-3.3.1 etcdctl-3.4.13-4.15.1 etcdctl-3.4.16-3.1 helm-2.16.12-3.10.1 helm2-2.16.12-3.3.1 helm3-3.3.3-1.3.1 helm3-3.3.3-3.8.1 kubernetes-1.18-kubeadm-1.18.10-4.3.1 kubernetes-1.18-kubelet-1.18.10-4.3.1 kubernetes-client-1.17.13-4.21.2 kubernetes-common-1.17.13-4.21.2 kubernetes-kubeadm-1.17.13-4.21.2 kubernetes-kubelet-1.17.13-4.21.2 kucero-1.3.0-1.3.1 patterns-caasp-Management-4.5-3.3.1 skuba-1.4.11-3.49.2 skuba-2.1.11-3.10.1 skuba-update-1.4.11-3.49.2 skuba-update-2.1.11-3.10.1 terraform-provider-aws-2.59.0-1.6.1 velero-1.4.2-3.3.1 coredns-1.6.7-3.13.1 as a component of Container caasp/v4/coredns:1.6.7 etcd-3.4.13-4.15.1 as a component of Container caasp/v4/etcd:3.4.13 etcdctl-3.4.13-4.15.1 as a component of Container caasp/v4/etcd:3.4.13 helm-2.16.12-3.10.1 as a component of Container caasp/v4/helm-tiller:2.16.12 kubernetes-common-1.17.13-4.21.2 as a component of Container caasp/v4/hyperkube:v1.17.17 kubernetes-client-1.17.13-4.21.2 as a component of Container caasp/v4/kubernetes-client:1.17.17 kubernetes-common-1.17.13-4.21.2 as a component of Container caasp/v4/kubernetes-client:1.17.17 kubernetes-client-1.17.13-4.21.2 as a component of Container caasp/v4/kucero:1.3.0 kubernetes-common-1.17.13-4.21.2 as a component of Container caasp/v4/kucero:1.3.0 kucero-1.3.0-1.3.1 as a component of Container caasp/v4/kucero:1.3.0 kubernetes-client-1.17.13-4.21.2 as a component of Container caasp/v4/kured:1.3.0 kubernetes-common-1.17.13-4.21.2 as a component of Container caasp/v4/kured:1.3.0 caasp-release-4.2.4-24.36.1 as a component of SUSE CaaS Platform 4.0 cri-o-1.16.1-3.37.3 as a component of SUSE CaaS Platform 4.0 cri-o-kubeadm-criconfig-1.16.1-3.37.3 as a component of SUSE CaaS Platform 4.0 etcdctl-3.4.13-4.15.1 as a component of SUSE CaaS Platform 4.0 helm-2.16.12-3.10.1 as a component of SUSE CaaS Platform 4.0 helm3-3.3.3-1.3.1 as a component of SUSE CaaS Platform 4.0 kubernetes-client-1.17.13-4.21.2 as a component of SUSE CaaS Platform 4.0 kubernetes-common-1.17.13-4.21.2 as a component of SUSE CaaS Platform 4.0 kubernetes-kubeadm-1.17.13-4.21.2 as a component of SUSE CaaS Platform 4.0 kubernetes-kubelet-1.17.13-4.21.2 as a component of SUSE CaaS Platform 4.0 skuba-1.4.11-3.49.2 as a component of SUSE CaaS Platform 4.0 skuba-update-1.4.11-3.49.2 as a component of SUSE CaaS Platform 4.0 terraform-provider-aws-2.59.0-1.6.1 as a component of SUSE CaaS Platform 4.0 caasp-release-4.5.2-1.8.2 as a component of SUSE CaaS Platform 4.5 cri-o-1.18-1.18.4-4.3.2 as a component of SUSE CaaS Platform 4.5 cri-o-1.18-kubeadm-criconfig-1.18.4-4.3.2 as a component of SUSE CaaS Platform 4.5 etcdctl-3.4.13-3.3.1 as a component of SUSE CaaS Platform 4.5 helm2-2.16.12-3.3.1 as a component of SUSE CaaS Platform 4.5 helm3-3.3.3-3.8.1 as a component of SUSE CaaS Platform 4.5 kubernetes-1.18-kubeadm-1.18.10-4.3.1 as a component of SUSE CaaS Platform 4.5 kubernetes-1.18-kubelet-1.18.10-4.3.1 as a component of SUSE CaaS Platform 4.5 patterns-caasp-Management-4.5-3.3.1 as a component of SUSE CaaS Platform 4.5 skuba-2.1.11-3.10.1 as a component of SUSE CaaS Platform 4.5 skuba-update-2.1.11-3.10.1 as a component of SUSE CaaS Platform 4.5 velero-1.4.2-3.3.1 as a component of SUSE CaaS Platform 4.5 kubernetes-client-1.17.13-4.21.2 as a component of SUSE Linux Enterprise Module for Containers 15 SP1 kubernetes-common-1.17.13-4.21.2 as a component of SUSE Linux Enterprise Module for Containers 15 SP1 etcd-3.4.16-3.1 as a component of openSUSE Tumbleweed etcdctl-3.4.16-3.1 as a component of openSUSE Tumbleweed In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL. CVE-2020-15106 Container caasp/v4/coredns:1.6.7:coredns-1.6.7-3.13.1 Container caasp/v4/etcd:3.4.13:etcd-3.4.13-4.15.1 Container caasp/v4/etcd:3.4.13:etcdctl-3.4.13-4.15.1 Container caasp/v4/helm-tiller:2.16.12:helm-2.16.12-3.10.1 Container caasp/v4/hyperkube:v1.17.17:kubernetes-common-1.17.13-4.21.2 Container caasp/v4/kubernetes-client:1.17.17:kubernetes-client-1.17.13-4.21.2 Container caasp/v4/kubernetes-client:1.17.17:kubernetes-common-1.17.13-4.21.2 Container caasp/v4/kucero:1.3.0:kubernetes-client-1.17.13-4.21.2 Container caasp/v4/kucero:1.3.0:kubernetes-common-1.17.13-4.21.2 Container caasp/v4/kucero:1.3.0:kucero-1.3.0-1.3.1 Container caasp/v4/kured:1.3.0:kubernetes-client-1.17.13-4.21.2 Container caasp/v4/kured:1.3.0:kubernetes-common-1.17.13-4.21.2 SUSE CaaS Platform 4.0:caasp-release-4.2.4-24.36.1 SUSE CaaS Platform 4.0:cri-o-1.16.1-3.37.3 SUSE CaaS Platform 4.0:cri-o-kubeadm-criconfig-1.16.1-3.37.3 SUSE CaaS Platform 4.0:etcdctl-3.4.13-4.15.1 SUSE CaaS Platform 4.0:helm-2.16.12-3.10.1 SUSE CaaS Platform 4.0:helm3-3.3.3-1.3.1 SUSE CaaS Platform 4.0:kubernetes-client-1.17.13-4.21.2 SUSE CaaS Platform 4.0:kubernetes-common-1.17.13-4.21.2 SUSE CaaS Platform 4.0:kubernetes-kubeadm-1.17.13-4.21.2 SUSE CaaS Platform 4.0:kubernetes-kubelet-1.17.13-4.21.2 SUSE CaaS Platform 4.0:skuba-1.4.11-3.49.2 SUSE CaaS Platform 4.0:skuba-update-1.4.11-3.49.2 SUSE CaaS Platform 4.0:terraform-provider-aws-2.59.0-1.6.1 SUSE CaaS Platform 4.5:caasp-release-4.5.2-1.8.2 SUSE CaaS Platform 4.5:cri-o-1.18-1.18.4-4.3.2 SUSE CaaS Platform 4.5:cri-o-1.18-kubeadm-criconfig-1.18.4-4.3.2 SUSE CaaS Platform 4.5:etcdctl-3.4.13-3.3.1 SUSE CaaS Platform 4.5:helm2-2.16.12-3.3.1 SUSE CaaS Platform 4.5:helm3-3.3.3-3.8.1 SUSE CaaS Platform 4.5:kubernetes-1.18-kubeadm-1.18.10-4.3.1 SUSE CaaS Platform 4.5:kubernetes-1.18-kubelet-1.18.10-4.3.1 SUSE CaaS Platform 4.5:patterns-caasp-Management-4.5-3.3.1 SUSE CaaS Platform 4.5:skuba-2.1.11-3.10.1 SUSE CaaS Platform 4.5:skuba-update-2.1.11-3.10.1 SUSE CaaS Platform 4.5:velero-1.4.2-3.3.1 SUSE Linux Enterprise Module for Containers 15 SP1:kubernetes-client-1.17.13-4.21.2 SUSE Linux Enterprise Module for Containers 15 SP1:kubernetes-common-1.17.13-4.21.2 openSUSE Tumbleweed:etcd-3.4.16-3.1 openSUSE Tumbleweed:etcdctl-3.4.16-3.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H