We are using etcd version 3.5.4 and after reviewing the related description of CVE-2022-34038 and the PR that fixes the issue, we have some questions.
`NewPageWriter` is an internal function of etcd, and `pageBytes` is hardcoded; its value is 4096 in newEncoder. In what cases will an etcd panic occur?
In the PR fixing the issue, the `Verify` method is used to intercept the scenario where `pageBytes` is 0. If `pageBytes` is 0, a panic will still occur, which seems no different from dividing by 0 and will cause etcd to refuse service. Why fix it this way?
Why does this only affect versions below v3.5.5? No code fixing this issue has been found in version 3.5.5.