N/A

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-pm3m-32r3-7mfh

EPSS Score

CWE

Published

2/3/2024

Updated

7/8/2024

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-pm3m-32r3-7mfh

GHSA-pm3m-32r3-7mfh: Etcd embed auto compaction retention negative value causing a compaction loop or a crash

Impact

Data Validation

Detail

The parseCompactionRetention function in embed/etcd.go allows the retention variable value to be negative and causes the node to execute the history compaction in a loop, taking more CPU than usual and spamming logs.

References

Find out more on this vulnerability in the security audit report

For more information

If you have any questions or comments about this advisory:

Contact the etcd security committee

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-pm3m-32r3-7mfh

EPSS Score

CWE

Published

2/3/2024

Updated

7/8/2024

KEV Status

Technology

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
go.etcd.io/etcd/v3	go	>= 3.4.0-rc.0, <= 3.4.9	3.4.10
go.etcd.io/etcd/v3	go	< 3.3.23	3.3.23

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability description explicitly identifies parseCompactionRetention in embed/etcd.go as the source of improper input validation. The function's failure to reject negative retention values directly causes the compaction loop described. Multiple sources (security audit report, GitHub advisory) confirm this root cause without requiring commit diffs. No other functions are mentioned in the vulnerability details.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t **t* V*li**tion ### **t*il T** p*rs**omp**tionR*t*ntion *un*tion in *m***/*t**.*o *llows t** r*t*ntion v*ri**l* v*lu* to ** n***tiv* *n* **us*s t** no** to *x**ut* t** *istory *omp**tion in * loop, t*kin* mor* *PU t**n usu*l *n* sp*mmin*

Reasoning

T** vuln*r**ility **s*ription *xpli*itly i**nti*i*s `p*rs**omp**tionR*t*ntion` in `*m***/*t**.*o` *s t** sour** o* improp*r input v*li**tion. T** *un*tion's **ilur* to r*j**t n***tiv* r*t*ntion v*lu*s *ir**tly **us*s t** *omp**tion loop **s*ri***. Mu

N/A

Basic Information

Concerned about an active attack path?

GHSA-pm3m-32r3-7mfh: Etcd embed auto compaction retention negative value causing a compaction loop or a crash

Impact

Detail

References

For more information

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI