Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/etcd@3.2.32-1?arch=el7_9
Type rpm
Namespace redhat
Name etcd
Version 3.2.32-1
Qualifiers
arch el7_9
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-e63c-7p3h-f3gj
vulnerability_id VCID-e63c-7p3h-f3gj
summary
Panic due to malformed WALs in go.etcd.io/etcd
### Vulnerability type
Data Validation

### Detail
The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that causes an unintended panic in any RAFT participant trying to decode the WAL.

### Specific Go Packages Affected
github.com/etcd-io/etcd/wal

### References
Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf)

### For more information
If you have any questions or comments about this advisory:
* Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#product-security-committee-psc)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15106.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15106.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15106
reference_id
reference_type
scores
0
value 0.00149
scoring_system epss
scoring_elements 0.35387
published_at 2026-04-21T12:55:00Z
1
value 0.00149
scoring_system epss
scoring_elements 0.35439
published_at 2026-04-18T12:55:00Z
2
value 0.00149
scoring_system epss
scoring_elements 0.35451
published_at 2026-04-16T12:55:00Z
3
value 0.00149
scoring_system epss
scoring_elements 0.35411
published_at 2026-04-13T12:55:00Z
4
value 0.00149
scoring_system epss
scoring_elements 0.35435
published_at 2026-04-12T12:55:00Z
5
value 0.00149
scoring_system epss
scoring_elements 0.35478
published_at 2026-04-11T12:55:00Z
6
value 0.00149
scoring_system epss
scoring_elements 0.35468
published_at 2026-04-09T12:55:00Z
7
value 0.00149
scoring_system epss
scoring_elements 0.35443
published_at 2026-04-08T12:55:00Z
8
value 0.00149
scoring_system epss
scoring_elements 0.35398
published_at 2026-04-07T12:55:00Z
9
value 0.00149
scoring_system epss
scoring_elements 0.35514
published_at 2026-04-04T12:55:00Z
10
value 0.00149
scoring_system epss
scoring_elements 0.3549
published_at 2026-04-02T12:55:00Z
11
value 0.00149
scoring_system epss
scoring_elements 0.35291
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15106
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15106
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15106
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/etcd-io/etcd
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd
5
reference_url https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf
6
reference_url https://github.com/etcd-io/etcd/commit/4571e528f49625d3de3170f219a45c3b3d38c675
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/commit/4571e528f49625d3de3170f219a45c3b3d38c675
7
reference_url https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07
8
reference_url https://github.com/etcd-io/etcd/pull/11793
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/pull/11793
9
reference_url https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15106
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15106
12
reference_url https://pkg.go.dev/vuln/GO-2020-0005
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2020-0005
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1868883
reference_id 1868883
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1868883
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740
reference_id 968740
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740
15
reference_url https://access.redhat.com/errata/RHSA-2021:0916
reference_id RHSA-2021:0916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0916
16
reference_url https://access.redhat.com/errata/RHSA-2021:1407
reference_id RHSA-2021:1407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1407
17
reference_url https://access.redhat.com/errata/RHSA-2021:2438
reference_id RHSA-2021:2438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2438
18
reference_url https://usn.ubuntu.com/5628-1/
reference_id USN-5628-1
reference_type
scores
url https://usn.ubuntu.com/5628-1/
19
reference_url https://usn.ubuntu.com/USN-5628-2/
reference_id USN-USN-5628-2
reference_type
scores
url https://usn.ubuntu.com/USN-5628-2/
fixed_packages
aliases CVE-2020-15106, GHSA-p4g4-wgrh-qrg2
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e63c-7p3h-f3gj
1
url VCID-uyag-gzdr-kbf9
vulnerability_id VCID-uyag-gzdr-kbf9
summary
etcd's WAL `ReadAll` method vulnerable to an entry with large index causing panic
### Vulnerability type
Data Validation

### Detail
In the ReadAll method in wal/wal.go, it is possible to have an entry index greater than the number of entries. This could cause issues when WAL entries are being read during consensus, as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.

### References
Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf)

### For more information
If you have any questions or comments about this advisory:
* Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15112.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15112.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15112
reference_id
reference_type
scores
0
value 0.00113
scoring_system epss
scoring_elements 0.29862
published_at 2026-04-12T12:55:00Z
1
value 0.00113
scoring_system epss
scoring_elements 0.29764
published_at 2026-04-21T12:55:00Z
2
value 0.00113
scoring_system epss
scoring_elements 0.29811
published_at 2026-04-18T12:55:00Z
3
value 0.00113
scoring_system epss
scoring_elements 0.29831
published_at 2026-04-16T12:55:00Z
4
value 0.00113
scoring_system epss
scoring_elements 0.29813
published_at 2026-04-13T12:55:00Z
5
value 0.00113
scoring_system epss
scoring_elements 0.299
published_at 2026-04-01T12:55:00Z
6
value 0.00113
scoring_system epss
scoring_elements 0.29943
published_at 2026-04-02T12:55:00Z
7
value 0.00113
scoring_system epss
scoring_elements 0.29992
published_at 2026-04-04T12:55:00Z
8
value 0.00113
scoring_system epss
scoring_elements 0.29804
published_at 2026-04-07T12:55:00Z
9
value 0.00113
scoring_system epss
scoring_elements 0.29866
published_at 2026-04-08T12:55:00Z
10
value 0.00113
scoring_system epss
scoring_elements 0.29902
published_at 2026-04-09T12:55:00Z
11
value 0.00113
scoring_system epss
scoring_elements 0.29908
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15112
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15112
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15112
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/etcd-io/etcd
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd
5
reference_url https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf
6
reference_url https://github.com/etcd-io/etcd/commit/7d1cf640497cbcdfb932e619b13624112c7e3865
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/commit/7d1cf640497cbcdfb932e619b13624112c7e3865
7
reference_url https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07
8
reference_url https://github.com/etcd-io/etcd/pull/11793
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/pull/11793
9
reference_url https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15112
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15112
12
reference_url https://pkg.go.dev/vuln/GO-2020-0005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2020-0005
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1868872
reference_id 1868872
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1868872
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740
reference_id 968740
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740
15
reference_url https://access.redhat.com/errata/RHSA-2021:0916
reference_id RHSA-2021:0916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0916
16
reference_url https://access.redhat.com/errata/RHSA-2021:1407
reference_id RHSA-2021:1407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1407
17
reference_url https://access.redhat.com/errata/RHSA-2021:2438
reference_id RHSA-2021:2438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2438
18
reference_url https://usn.ubuntu.com/5628-1/
reference_id USN-5628-1
reference_type
scores
url https://usn.ubuntu.com/5628-1/
19
reference_url https://usn.ubuntu.com/USN-5628-2/
reference_id USN-USN-5628-2
reference_type
scores
url https://usn.ubuntu.com/USN-5628-2/
fixed_packages
aliases CVE-2020-15112, GHSA-m332-53r6-2w93
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uyag-gzdr-kbf9
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/etcd@3.2.32-1%3Farch=el7_9