CVEFinder.io

CVE-2020-15106

🔶 medium
Summary

In etcd before versions 3.3.23 and 3.4.10, a large slice causes a panic in the decodeRecord method. The size of a record is stored in the length field of a WAL file, and no additional validation is done on this data. It is therefore possible to forge an extremely large frame size that causes any RAFT participant trying to decode the WAL to panic.

CVSS Score: 6.5 (Medium)
EPSS Score (Exploit Probability): 0.1
Published Date: 2020-08-05
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 47.8% of all 329,778 vulnerabilities in our database.

#172,206
Below average severity
Severity Percentile
Last Modified 2024-11-21
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)

📦 Affected Products 3

🔗 References 2

🔗 Related CVEs 6

| CVE ID | Severity | CVSS | EPSS | Summary | Published |
|---|---|---|---|---|---|
| CVE-2026-44283 | 🔶 medium | 0.0 | 0.0 | etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulne... | 2026-05-14 |
| CVE-2026-35093 | ⚠️ high | 8.8 | 0.0 | A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or ... | 2026-04-01 |
| CVE-2026-35094 | ℹ️ low | 3.3 | 0.0 | A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can expl... | 2026-04-01 |
| CVE-2026-33343 | 🔶 medium | 0.0 | 0.0 | etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9,... | 2026-03-26 |
| CVE-2026-33413 | ⚠️ high | 8.8 | 0.0 | etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9,... | 2026-03-26 |
| CVE-2023-4134 | 🔶 medium | 5.5 | 0.0 | A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device... | 2024-11-14 |
These CVEs affect the same products