Untriaged
Permalink
CVE-2024-4438
7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Etcd: incomplete fix for cve-2023-39325/cve-2023-44487 in openstack platform
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.
References
- https://access.redhat.com/security/cve/CVE-2024-4438 x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT
- RHSA-2024:2729 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-4438 x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT
- RHSA-2024:2729 vendor-advisory x_refsource_REDHAT
- RHSA-2024:3352 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-4438 x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT
- RHSA-2024:2729 vendor-advisory x_refsource_REDHAT
- RHSA-2024:3352 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-4438 x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT
- RHSA-2024:2729 vendor-advisory x_refsource_REDHAT
- RHSA-2024:3352 vendor-advisory x_refsource_REDHAT
- RHSA-2024:3467 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-4438 x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT
- RHSA-2024:2729 vendor-advisory x_refsource_REDHAT
- RHSA-2024:3352 vendor-advisory x_refsource_REDHAT
- RHSA-2024:3467 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-4438 x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT
- RHSA-2024:2729 vendor-advisory x_refsource_REDHAT x_transferred
- RHSA-2024:3352 vendor-advisory x_refsource_REDHAT x_transferred
- RHSA-2024:3467 vendor-advisory x_refsource_REDHAT x_transferred
- https://access.redhat.com/security/cve/CVE-2024-4438 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT x_transferred
- RHSA-2024:2729 vendor-advisory x_refsource_REDHAT
- RHSA-2024:3352 vendor-advisory x_refsource_REDHAT
- RHSA-2024:3467 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-4438 x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT
- RHSA-2024:3352 vendor-advisory x_refsource_REDHAT x_transferred
- RHSA-2024:3467 vendor-advisory x_refsource_REDHAT x_transferred
- https://access.redhat.com/security/cve/CVE-2024-4438 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT x_transferred
- RHSA-2024:2729 vendor-advisory x_refsource_REDHAT x_transferred
- RHSA-2024:2729 vendor-advisory x_refsource_REDHAT
- RHSA-2024:3352 vendor-advisory x_refsource_REDHAT
- RHSA-2024:3467 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-4438 x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT
- RHSA-2024:3352 vendor-advisory x_refsource_REDHAT x_transferred
- RHSA-2024:3467 vendor-advisory x_refsource_REDHAT x_transferred
- https://access.redhat.com/security/cve/CVE-2024-4438 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT x_transferred
- RHSA-2024:2729 vendor-advisory x_refsource_REDHAT x_transferred
- RHSA-2024:2729 vendor-advisory x_refsource_REDHAT
- RHSA-2024:3352 vendor-advisory x_refsource_REDHAT
- RHSA-2024:3467 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-4438 x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT
- RHSA-2024:2729 vendor-advisory x_refsource_REDHAT x_transferred
- RHSA-2024:3352 vendor-advisory x_refsource_REDHAT x_transferred
- RHSA-2024:3467 vendor-advisory x_refsource_REDHAT x_transferred
- https://access.redhat.com/security/cve/CVE-2024-4438 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT x_transferred
- RHSA-2024:2729 vendor-advisory x_refsource_REDHAT
- RHSA-2024:3352 vendor-advisory x_refsource_REDHAT
- RHSA-2024:3467 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-4438 x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT
- RHSA-2024:2729 vendor-advisory x_refsource_REDHAT x_transferred
- RHSA-2024:3352 vendor-advisory x_refsource_REDHAT x_transferred
- RHSA-2024:3467 vendor-advisory x_refsource_REDHAT x_transferred
- https://access.redhat.com/security/cve/CVE-2024-4438 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT x_transferred
- RHSA-2024:2729 vendor-advisory x_refsource_REDHAT
- RHSA-2024:3352 vendor-advisory x_refsource_REDHAT
- RHSA-2024:3467 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-4438 x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT
- RHSA-2024:2729 vendor-advisory x_refsource_REDHAT x_transferred
- RHSA-2024:3352 vendor-advisory x_refsource_REDHAT x_transferred
- RHSA-2024:3467 vendor-advisory x_refsource_REDHAT x_transferred
- https://access.redhat.com/security/cve/CVE-2024-4438 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT x_transferred
- RHSA-2024:2729 vendor-advisory x_refsource_REDHAT
- RHSA-2024:3352 vendor-advisory x_refsource_REDHAT
- RHSA-2024:3467 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-4438 x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT
- RHSA-2024:2729 vendor-advisory x_refsource_REDHAT x_transferred
- RHSA-2024:3352 vendor-advisory x_refsource_REDHAT x_transferred
- RHSA-2024:3467 vendor-advisory x_refsource_REDHAT x_transferred
- https://access.redhat.com/security/cve/CVE-2024-4438 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT x_transferred
- RHSA-2024:2729 vendor-advisory x_refsource_REDHAT
- RHSA-2024:3352 vendor-advisory x_refsource_REDHAT
- RHSA-2024:3467 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-4438 x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT
- RHSA-2024:2729 vendor-advisory x_refsource_REDHAT x_transferred
- RHSA-2024:3352 vendor-advisory x_refsource_REDHAT x_transferred
- RHSA-2024:3467 vendor-advisory x_refsource_REDHAT x_transferred
- https://access.redhat.com/security/cve/CVE-2024-4438 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT x_transferred
- RHSA-2024:2729 vendor-advisory x_refsource_REDHAT
- RHSA-2024:3352 vendor-advisory x_refsource_REDHAT
- RHSA-2024:3467 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-4438 x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT
- RHSA-2024:2729 vendor-advisory x_refsource_REDHAT x_transferred
- RHSA-2024:3352 vendor-advisory x_refsource_REDHAT x_transferred
- RHSA-2024:3467 vendor-advisory x_refsource_REDHAT x_transferred
- https://access.redhat.com/security/cve/CVE-2024-4438 x_transferred x_refsource_REDHAT vdb-entry
- RHBZ#2279365 issue-tracking x_refsource_REDHAT x_transferred
Affected products
etcd
- ==3.3.23
- *
Matching in nixpkgs
pkgs.netcdf
Libraries for the Unidata network Common Data Format
-
nixos-unstable -
- nixpkgs-unstable 4.9.3
pkgs.etcd_3_4
Distributed reliable key-value store for the most critical data of a distributed system
-
nixos-unstable -
- nixpkgs-unstable 3.4.37
pkgs.etcd_3_5
Distributed reliable key-value store for the most critical data of a distributed system
-
nixos-unstable -
- nixpkgs-unstable 3.5.22
pkgs.etcd_3_6
Distributed reliable key-value store for the most critical data of a distributed system
-
nixos-unstable -
- nixpkgs-unstable 3.6.4
pkgs.netcdf-mpi
Libraries for the Unidata network Common Data Format
-
nixos-unstable -
- nixpkgs-unstable 4.9.3
pkgs.netcdfcxx4
C++ API to manipulate netcdf files
-
nixos-unstable -
- nixpkgs-unstable cxx4-4.3.1
pkgs.netcdffortran
Fortran API to manipulate netcdf files
-
nixos-unstable -
- nixpkgs-unstable 4.4.5
pkgs.octavePackages.netcdf
NetCDF interface for Octave
-
nixos-unstable -
- nixpkgs-unstable 10.2.0-netcdf-1.0.18
pkgs.python312Packages.etcd
Python etcd client that just works
-
nixos-unstable -
- nixpkgs-unstable 2.0.8
pkgs.python313Packages.etcd
Python etcd client that just works
-
nixos-unstable -
- nixpkgs-unstable 2.0.8
pkgs.python312Packages.aetcd
Python asyncio-based client for etcd
-
nixos-unstable -
- nixpkgs-unstable 1.0.0a4
pkgs.python312Packages.etcd3
Python client for the etcd API v3
-
nixos-unstable -
- nixpkgs-unstable etcd3-0.12.0
pkgs.python313Packages.aetcd
Python asyncio-based client for etcd
-
nixos-unstable -
- nixpkgs-unstable 1.0.0a4
pkgs.python313Packages.etcd3
Python client for the etcd API v3
-
nixos-unstable -
- nixpkgs-unstable etcd3-0.12.0
pkgs.python312Packages.netcdf4
Interface to netCDF library (versions 3 and 4)
-
nixos-unstable -
- nixpkgs-unstable netcdf4-1.7.2
pkgs.python313Packages.netcdf4
Interface to netCDF library (versions 3 and 4)
-
nixos-unstable -
- nixpkgs-unstable netcdf4-1.7.2
pkgs.python312Packages.h5netcdf
Pythonic interface to netCDF4 via h5py
-
nixos-unstable -
- nixpkgs-unstable h5netcdf-1.6.4
pkgs.python313Packages.h5netcdf
Pythonic interface to netCDF4 via h5py
-
nixos-unstable -
- nixpkgs-unstable h5netcdf-1.6.4
pkgs.python312Packages.python-etcd
Python client for Etcd
-
nixos-unstable -
- nixpkgs-unstable 0.5.0-unstable-2023-10-31
pkgs.python313Packages.python-etcd
Python client for Etcd
-
nixos-unstable -
- nixpkgs-unstable 0.5.0-unstable-2023-10-31
Package maintainers
-
@dtomvan Tom van Dijk <18gatenmaker6@gmail.com>
-
@bzizou Bruno Bzeznik <Bruno@bzizou.net>
-
@KarlJoad Karl Hallsby <karl@hallsby.com>
-
@qbisi qbisicwate <qbisicwate@gmail.com>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>