Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-e63c-7p3h-f3gj
Summary
Panic due to malformed WALs in go.etcd.io/etcd
### Vulnerability type
Data Validation

### Detail
The size of a record is stored in the length field of a WAL file, and no additional validation is done on this data. It is therefore possible to forge an extremely large frame size that can cause an unintended panic in any RAFT participant that tries to decode the WAL.

### Specific Go Packages Affected
github.com/etcd-io/etcd/wal

### References
Find out more about this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf).

### For more information
If you have any questions or comments about this advisory:
* Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#product-security-committee-psc)
Aliases
0
alias CVE-2020-15106
1
alias GHSA-p4g4-wgrh-qrg2
Fixed_packages
0
url pkg:deb/debian/etcd@3.3.25%2Bdfsg-5?distro=trixie
purl pkg:deb/debian/etcd@3.3.25%2Bdfsg-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-5%3Fdistro=trixie
1
url pkg:deb/debian/etcd@3.3.25%2Bdfsg-6?distro=trixie
purl pkg:deb/debian/etcd@3.3.25%2Bdfsg-6?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7565-6bvk-mqgx
1
vulnerability VCID-my73-sc8s-3faj
2
vulnerability VCID-pb9m-ts3k-uban
3
vulnerability VCID-ud4m-y2s3-nban
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-6%3Fdistro=trixie
2
url pkg:deb/debian/etcd@3.3.25%2Bdfsg-6
purl pkg:deb/debian/etcd@3.3.25%2Bdfsg-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7565-6bvk-mqgx
1
vulnerability VCID-my73-sc8s-3faj
2
vulnerability VCID-pb9m-ts3k-uban
3
vulnerability VCID-ud4m-y2s3-nban
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.3.25%252Bdfsg-6
3
url pkg:deb/debian/etcd@3.4.23-4?distro=trixie
purl pkg:deb/debian/etcd@3.4.23-4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-my73-sc8s-3faj
1
vulnerability VCID-pb9m-ts3k-uban
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.4.23-4%3Fdistro=trixie
4
url pkg:deb/debian/etcd@3.5.16-4?distro=trixie
purl pkg:deb/debian/etcd@3.5.16-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-4%3Fdistro=trixie
5
url pkg:deb/debian/etcd@3.5.16-10?distro=trixie
purl pkg:deb/debian/etcd@3.5.16-10?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.5.16-10%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/etcd@3.2.26%2Bdfsg-3
purl pkg:deb/debian/etcd@3.2.26%2Bdfsg-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15ma-yxfn-xbeu
1
vulnerability VCID-3533-gs1j-8yby
2
vulnerability VCID-7ebn-2p3p-bfg9
3
vulnerability VCID-e63c-7p3h-f3gj
4
vulnerability VCID-uyag-gzdr-kbf9
5
vulnerability VCID-vj2t-6kre-53h6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/etcd@3.2.26%252Bdfsg-3
1
url pkg:rpm/redhat/etcd@3.2.32-1?arch=el7_9
purl pkg:rpm/redhat/etcd@3.2.32-1?arch=el7_9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e63c-7p3h-f3gj
1
vulnerability VCID-uyag-gzdr-kbf9
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/etcd@3.2.32-1%3Farch=el7_9
2
url pkg:rpm/redhat/etcd@3.3.23-1?arch=el8ost
purl pkg:rpm/redhat/etcd@3.3.23-1?arch=el8ost
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15ma-yxfn-xbeu
1
vulnerability VCID-3533-gs1j-8yby
2
vulnerability VCID-7ebn-2p3p-bfg9
3
vulnerability VCID-e63c-7p3h-f3gj
4
vulnerability VCID-uyag-gzdr-kbf9
5
vulnerability VCID-vj2t-6kre-53h6
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/etcd@3.3.23-1%3Farch=el8ost
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15106.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15106.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15106
reference_id
reference_type
scores
0
value 0.00149
scoring_system epss
scoring_elements 0.35152
published_at 2026-04-24T12:55:00Z
1
value 0.00149
scoring_system epss
scoring_elements 0.35387
published_at 2026-04-21T12:55:00Z
2
value 0.00149
scoring_system epss
scoring_elements 0.35439
published_at 2026-04-18T12:55:00Z
3
value 0.00149
scoring_system epss
scoring_elements 0.35451
published_at 2026-04-16T12:55:00Z
4
value 0.00149
scoring_system epss
scoring_elements 0.35411
published_at 2026-04-13T12:55:00Z
5
value 0.00149
scoring_system epss
scoring_elements 0.35435
published_at 2026-04-12T12:55:00Z
6
value 0.00149
scoring_system epss
scoring_elements 0.35478
published_at 2026-04-11T12:55:00Z
7
value 0.00149
scoring_system epss
scoring_elements 0.35468
published_at 2026-04-09T12:55:00Z
8
value 0.00149
scoring_system epss
scoring_elements 0.35443
published_at 2026-04-08T12:55:00Z
9
value 0.00149
scoring_system epss
scoring_elements 0.35398
published_at 2026-04-07T12:55:00Z
10
value 0.00149
scoring_system epss
scoring_elements 0.35514
published_at 2026-04-04T12:55:00Z
11
value 0.00149
scoring_system epss
scoring_elements 0.3549
published_at 2026-04-02T12:55:00Z
12
value 0.00149
scoring_system epss
scoring_elements 0.35291
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15106
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15106
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15106
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/etcd-io/etcd
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd
5
reference_url https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf
6
reference_url https://github.com/etcd-io/etcd/commit/4571e528f49625d3de3170f219a45c3b3d38c675
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/commit/4571e528f49625d3de3170f219a45c3b3d38c675
7
reference_url https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/commit/f4b650b51dc4a53a8700700dc12e1242ac56ba07
8
reference_url https://github.com/etcd-io/etcd/pull/11793
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/pull/11793
9
reference_url https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15106
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15106
12
reference_url https://pkg.go.dev/vuln/GO-2020-0005
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2020-0005
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1868883
reference_id 1868883
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1868883
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740
reference_id 968740
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968740
15
reference_url https://access.redhat.com/errata/RHSA-2021:0916
reference_id RHSA-2021:0916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0916
16
reference_url https://access.redhat.com/errata/RHSA-2021:1407
reference_id RHSA-2021:1407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1407
17
reference_url https://access.redhat.com/errata/RHSA-2021:2438
reference_id RHSA-2021:2438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2438
18
reference_url https://usn.ubuntu.com/5628-1/
reference_id USN-5628-1
reference_type
scores
url https://usn.ubuntu.com/5628-1/
19
reference_url https://usn.ubuntu.com/USN-5628-2/
reference_id USN-USN-5628-2
reference_type
scores
url https://usn.ubuntu.com/USN-5628-2/
Weaknesses
0
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
1
cwe_id 400
name Uncontrolled Resource Consumption
description The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Exploits
Severity_range_score 0.1 - 6.5
Exploitability 0.5
Weighted_severity 5.9
Risk_score 3.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e63c-7p3h-f3gj