Candidate: CVE-2020-15114
PublicDate: 2020-08-06 23:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15114
 https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224
Description:
 In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP
 proxy to allow for basic service discovery and access. However, it is
 possible to include the gateway address as an endpoint. This results in a
 denial of service, since the endpoint can become stuck in a loop of
 requesting itself until there are no more available file descriptors to
 accept connections on the gateway.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H [7.7 HIGH]


Patches_etcd:
 upstream: https://github.com/etcd-io/etcd/commit/f6b822dfe85c9f004c7188496e8573bdaa582260 (3.3.23)
upstream_etcd: released (3.3.23, 3.4.10)
precise/esm_etcd: DNE
trusty_etcd: ignored (out of standard support)
trusty/esm_etcd: DNE
xenial_etcd: ignored (end of standard support, was needs-triage)
bionic_etcd: needed
focal_etcd: needed
groovy_etcd: ignored (reached end-of-life)
hirsute_etcd: ignored (reached end-of-life)
impish_etcd: not-affected (3.3.23)
jammy_etcd: not-affected (3.3.23)
devel_etcd: not-affected (3.3.23)