Etcd embed auto compaction retention negative value causing a compaction loop or a crash

Low severity GitHub Reviewed Published Aug 5, 2020 in etcd-io/etcd • Updated Jul 8, 2024

Package

gomod go.etcd.io/etcd/v3 (Go)

Affected versions

>= 3.4.0-rc.0, <= 3.4.9
< 3.3.23

Patched versions

3.4.10
3.3.23

Description

Impact

Data Validation

Detail

The parseCompactionRetention function in embed/etcd.go accepts a negative value for the retention variable. A negative retention causes the node to execute history compaction in a loop, consuming more CPU than usual and spamming logs.
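The missing check described above, shown as an added sketch that is not etcd's own code: one parser converts a retention string without a sign check, the other rejects negative results. The function names, mode constants and the bare-integer-means-hours convention are assumptions made for this example.

```go
package main

import (
	"fmt"
	"strconv"
	"time"
)

// Mode names are assumptions for this sketch, not taken from the advisory.
const (
	modePeriodic = "periodic"
	modeRevision = "revision"
)

// parseRetentionUnchecked converts a bare integer or a duration string
// without looking at the sign, so "-1" and "-5m" both come back as valid.
func parseRetentionUnchecked(mode, s string) (time.Duration, error) {
	if n, err := strconv.Atoi(s); err == nil {
		if mode == modeRevision {
			return time.Duration(n), nil // revision count carried as a Duration
		}
		return time.Duration(n) * time.Hour, nil // bare integer = hours
	}
	return time.ParseDuration(s) // ParseDuration accepts a leading '-'
}

// parseRetentionChecked validates the mode and refuses a negative result,
// whichever of the two input forms produced it.
func parseRetentionChecked(mode, s string) (time.Duration, error) {
	if mode != modePeriodic && mode != modeRevision {
		return 0, fmt.Errorf("unknown compaction mode %q", mode)
	}
	d, err := parseRetentionUnchecked(mode, s)
	if err != nil {
		return 0, fmt.Errorf("parsing compaction retention %q: %w", s, err)
	}
	if d < 0 {
		return 0, fmt.Errorf("compaction retention %q is negative", s)
	}
	return d, nil
}

func main() {
	for _, s := range []string{"1", "30m", "-1", "-5m"} { // constructed inputs
		d, err := parseRetentionChecked(modePeriodic, s)
		fmt.Printf("%-4s -> %v, err=%v\n", s, d, err)
	}
}
```

The sign check sits after both parsing paths because a negative value can arrive either as a bare integer or as a duration string.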

References

Find out more on this vulnerability in the security audit report

For more information

If you have any questions or comments about this advisory:

@spzala spzala published to etcd-io/etcd Aug 5, 2020
Published to the GitHub Advisory Database Feb 3, 2024
Reviewed Feb 3, 2024
Last updated Jul 8, 2024

Severity

Low

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-pm3m-32r3-7mfh
