CVE-2022-34038

Description

Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability.

How to fix CVE-2022-34038

To remediate CVE-2022-34038, upgrade the affected package to a fixed version below.

Bitnami/etcd—upgrade to 3.5.5 or later
Debian/etcd—no fix listed

Is CVE-2022-34038 being exploited?

Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

>= 3.5.4, < 3.5.5
from 0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (7)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2022-34038
WEBgithub.com/etcd-io/etcd/pull/14022
WEBgithub.com/etcd-io/etcd/pull/14452
WEBgithub.com/golang/vulndb/issues/2016#issuecomment-1698677762
WEB