{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-34038", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T08:16:16.219Z", "dateReserved": "2022-06-20T00:00:00", "datePublished": "2023-08-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-06T15:52:28.450432"}, "descriptions": [{"lang": "en", "value": "Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability."}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/etcd-io/etcd/pull/14022"}, {"url": "https://github.com/etcd-io/etcd/pull/14452"}, {"url": "https://github.com/golang/vulndb/issues/2016#issuecomment-1698677762"}, {"url": "https://go-review.googlesource.com/c/vulndb/+/524456"}, {"url": "https://go-review.googlesource.com/c/vulndb/+/524456/2/data/excluded/GO-2023-2016.yaml"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:16:16.219Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/etcd-io/etcd/pull/14022", "tags": ["x_transferred"]}, {"url": "https://github.com/etcd-io/etcd/pull/14452", "tags": ["x_transferred"]}, {"url": "https://github.com/golang/vulndb/issues/2016#issuecomment-1698677762", "tags": ["x_transferred"]}, {"url": "https://go-review.googlesource.com/c/vulndb/+/524456", "tags": ["x_transferred"]}, {"url": "https://go-review.googlesource.com/c/vulndb/+/524456/2/data/excluded/GO-2023-2016.yaml", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:etcd:etcd:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "40857CA1-2C0D-4602-91D3-45CFC0472736", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability."}, {"lang": "es", "value": "Etcd v3.5.4 permite a atacantes remotos causar una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n PageWriter.write en pagewriter.go. NOTA: la posici\u00f3n del proveedor es que esto no es una vulnerabilidad.\n"}], "id": "CVE-2022-34038", "lastModified": "2024-08-03T09:15:12.083", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-22T19:16:23.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/etcd-io/etcd/pull/14022"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/etcd-io/etcd/pull/14452"}, {"source": "cve@mitre.org", "url": "https://github.com/golang/vulndb/issues/2016#issuecomment-1698677762"}, {"source": "cve@mitre.org", "url": "https://go-review.googlesource.com/c/vulndb/+/524456"}, {"source": "cve@mitre.org", "url": "https://go-review.googlesource.com/c/vulndb/+/524456/2/data/excluded/GO-2023-2016.yaml"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "etcd: remote DoS via PageWriter.write", "id": "2236567", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236567"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability.", "A flaw was found in the etcd package. Affected versions of etcd allow remote attackers to cause a denial of service via the PageWriter.write function in pagewriter.go, possibly affecting system availability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-34038", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "etcd", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Affected", "package_name": "etcd", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Affected", "package_name": "openstack-etcd-container", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Affected", "package_name": "etcd", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Affected", "package_name": "openstack-etcd-container", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.0", "fix_state": "Affected", "package_name": "etcd", "product_name": "Red Hat OpenStack Platform 17.0"}, {"cpe": "cpe:/a:redhat:openstack:17.0", "fix_state": "Affected", "package_name": "openstack-etcd-container", "product_name": "Red Hat OpenStack Platform 17.0"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Affected", "package_name": "etcd", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Affected", "package_name": "openstack-etcd-container", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Affected", "package_name": "etcd", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:openstack:18.0", "fix_state": "Affected", "package_name": "openstack-etcd-container", "product_name": "Red Hat OpenStack Platform 18.0"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "etcd", "product_name": "Red Hat Storage 3"}], "public_date": "2023-08-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-34038\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-34038\nhttps://github.com/etcd-io/etcd/pull/14022\nhttps://github.com/etcd-io/etcd/pull/14452"], "statement": "The only way to trigger this CVE is to dynamically change an unexported variable's value at runtime, which is not possible in any of the Red Hat products. Although the affected code is present in the codebase, we have rated this as a Moderate impact.", "threat_severity": "Moderate"}