VulnerableCode Package Details - pkg:rpm/redhat/etcd@3.2.32-1?arch=el7

Search for packages

Vulnerability	Summary	Fixed by
VCID-e63c-7p3h-f3gj Aliases: CVE-2020-15106 GHSA-p4g4-wgrh-qrg2	Panic due to malformed WALs in go.etcd.io/etcd ### Vulnerability type Data Validation ### Detail The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL. ### Specific Go Packages Affected github.com/etcd-io/etcd/wal ### References Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf) ### For more information If you have any questions or comments about this advisory: * Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#product-security-committee-psc)	There are no reported fixed by versions.
VCID-uyag-gzdr-kbf9 Aliases: CVE-2020-15112 GHSA-m332-53r6-2w93	etcd's WAL `ReadAll` method vulnerable to an entry with large index causing panic ### Vulnerability type Data Validation ### Detail In the ReadAll method in wal/wal.go, it is possible to have an entry index greater then the number of entries. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry. ### References Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf) ### For more information If you have any questions or comments about this advisory: * Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md)	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-e63c-7p3h-f3gj
Aliases:
CVE-2020-15106
GHSA-p4g4-wgrh-qrg2

Panic due to malformed WALs in go.etcd.io/etcd ### Vulnerability type Data Validation ### Detail The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL. ### Specific Go Packages Affected github.com/etcd-io/etcd/wal ### References Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf) ### For more information If you have any questions or comments about this advisory: * Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#product-security-committee-psc)

There are no reported fixed by versions.

VCID-uyag-gzdr-kbf9
Aliases:
CVE-2020-15112
GHSA-m332-53r6-2w93

etcd's WAL `ReadAll` method vulnerable to an entry with large index causing panic ### Vulnerability type Data Validation ### Detail In the ReadAll method in wal/wal.go, it is possible to have an entry index greater then the number of entries. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry. ### References Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf) ### For more information If you have any questions or comments about this advisory: * Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md)

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:05:16.661094+00:00	RedHat Importer	Affected by	VCID-e63c-7p3h-f3gj	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15106.json	38.0.0
2026-04-01T14:05:16.347760+00:00	RedHat Importer	Affected by	VCID-uyag-gzdr-kbf9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15112.json	38.0.0

2026-04-01T14:05:16.661094+00:00

RedHat Importer

Affected by

VCID-e63c-7p3h-f3gj

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15106.json

38.0.0

2026-04-01T14:05:16.347760+00:00

RedHat Importer

Affected by

VCID-uyag-gzdr-kbf9

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15112.json

38.0.0

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	3.1