CVE-2020-15114: Denial of Service in etcd

First published: Wed Aug 05 2020(Updated: )

### Vulnerability type Denial of Service ### Detail The etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway. ### References Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf) ### For more information If you have any questions or comments about this advisory: * Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#product-security-committee-psc)

Credit: security-advisories@github.com security-advisories@github.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-cve
• collector/nvd-index
• agent/type
• agent/first-publish-date
• agent/weakness
• agent/severity
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2020-15114
• agent/software-canonical-lookup
• collector/github-advisory-latest
• source/GitHub
• alias/GHSA-2xhq-gv6c-p224
• agent/description
• agent/references
• agent/author
• agent/softwarecombine
• collector/nvd-cve
• source/NVD
• collector/github-advisory
• collector/mitre-cve
• source/MITRE
• agent/title
• agent/last-modified-date
• agent/tags
• agent/event
• package-manager/redhat
• vendor/redhat
• canonical/redhat etcd
• version/redhat etcd/3.3.0
• version/redhat etcd/3.4.0
• vendor/fedoraproject
• canonical/fedoraproject fedora
• version/fedoraproject fedora/32
• package-manager/go