Denial of Service Vulnerability in Etcd Data Management Software by CoreOS
CVE-2022-34038

7.5HIGH

Key Information:

Vendor

Etcd

Status
Vendor
CVE Published:
22 August 2023

What is CVE-2022-34038?

Etcd v3.5.4 contains a vulnerability that allows remote attackers to exploit the PageWriter.write function in pagewriter.go, potentially leading to a denial of service. Despite this, the vendor's stance is that this scenario does not warrant classification as a vulnerability. Users of Etcd should be aware of the implications and consider mitigation strategies.

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.