[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2024:3656-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":36,"duplicates":37,"related":38,"reserved_at":9,"published_at":50,"modified_at":51,"state":9,"summary":52,"references_raw":54,"kevs":171,"epss":9,"epss_history":172,"metrics":173,"affected":174},"SUSE-SU-2024:3656-1","Security update for etcd\n\nThis update for etcd fixes the following issues:\n\nUpdate to version 3.5.12:\n\nSecurity fixes:\n\n- CVE-2018-16873: Fixed remote command execution in cmd/go (bsc#1118897)\n- CVE-2018-16874: Fixed directory traversal in cmd/go (bsc#1118898)\n- CVE-2018-16875: Fixed CPU denial of service in crypto/x509 (bsc#1118899)\n- CVE-2018-16886: Fixed improper authentication issue when RBAC and client-cert-auth is enabled (bsc#1121850)\n- CVE-2020-15106: Fixed panic in decodeRecord method (bsc#1174951)\n- CVE-2020-15112: Fixed improper checks in entry index (bsc#1174951)\n- CVE-2021-28235: Fixed information discosure via debug function (bsc#1210138)\n- CVE-2022-41723: Fixed quadratic complexity in HPACK decoding in net/http (bsc#1208270, bsc#1208297)\n- CVE-2023-29406: Fixed insufficient sanitization of Host header in go net/http (bsc#1213229)\n- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (bsc#1217070)\n- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (aka Terrapin Attack) in crypto/ssh (bsc#1217950, bsc#1218150)\n\nOther changes:\n\n- Added hardening to systemd service(s) (bsc#1181400)\n- Fixed static /tmp file issue (bsc#1199031)\n- Fixed systemd service not starting (bsc#1183703)\n\nFull changelog:\n\nhttps://github.com/etcd-io/etcd/compare/v3.3.1...v3.5.12\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34],{"_key":15},"CVE-2018-16873",{"_key":17},"CVE-2018-16874",{"_key":19},"CVE-2018-16875",{"_key":21},"CVE-2018-16886",{"_key":23},"CVE-2020-15106",{"_key":25},"CVE-2020-15112",{"_key":27},"CVE-2021-28235",{"_key":29},"CVE-2022-41723",{"_key":31},"CVE-2023-29406",{"_key":33},"CVE-2023-47108",{"_key":35},"CVE-2023-48795",[],[],[39,40,41,42,43,44,45,46,47,48,49],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},"2024-10-16T11:33:42Z","2026-02-04T02:49:49.268837Z",{"cisa_kev":53,"cisa_ransomware":53,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[55,61,66,70,74,78,82,86,90,94,98,102,106,110,114,118,122,126,131,135,139,143,147,151,155,159,163,167],{"url":56,"sources":57,"tags":59},"https://www.suse.com/support/update/announcement/2024/suse-su-20243656-1/",[58],"osv_opensuse",[60],"Advisory",{"url":62,"sources":63,"tags":64},"https://bugzilla.suse.com/1095184",[58],[65],"REPORT",{"url":67,"sources":68,"tags":69},"https://bugzilla.suse.com/1118897",[58],[65],{"url":71,"sources":72,"tags":73},"https://bugzilla.suse.com/1118898",[58],[65],{"url":75,"sources":76,"tags":77},"https://bugzilla.suse.com/1118899",[58],[65],{"url":79,"sources":80,"tags":81},"https://bugzilla.suse.com/1121850",[58],[65],{"url":83,"sources":84,"tags":85},"https://bugzilla.suse.com/1174951",[58],[65],{"url":87,"sources":88,"tags":89},"https://bugzilla.suse.com/1181400",[58],[65],{"url":91,"sources":92,"tags":93},"https://bugzilla.suse.com/1183703",[58],[65],{"url":95,"sources":96,"tags":97},"https://bugzilla.suse.com/1199031",[58],[65],{"url":99,"sources":100,"tags":101},"https://bugzilla.suse.com/1208270",[58],[65],{"url":103,"sources":104,"tags":105},"https://bugzilla.suse.com/1208297",[58],[65],{"url":107,"sources":108,"tags":109},"https://bugzilla.suse.com/1210138",[58],[65],{"url":111,"sources":112,"tags":113},"https://bugzilla.suse.com/1213229",[58],[65],{"url":115,"sources":116,"tags":117},"https://bugzilla.suse.com/1217070",[58],[65],{"url":119,"sources":120,"tags":121},"https://bugzilla.suse.com/1217950",[58],[65],{"url":123,"sources":124,"tags":125},"https://bugzilla.suse.com/1218150",[58],[65],{"url":127,"sources":128,"tags":129},"https://www.suse.com/security/cve/CVE-2018-16873",[58],[130],"WEB",{"url":132,"sources":133,"tags":134},"https://www.suse.com/security/cve/CVE-2018-16874",[58],[130],{"url":136,"sources":137,"tags":138},"https://www.suse.com/security/cve/CVE-2018-16875",[58],[130],{"url":140,"sources":141,"tags":142},"https://www.suse.com/security/cve/CVE-2018-16886",[58],[130],{"url":144,"sources":145,"tags":146},"https://www.suse.com/security/cve/CVE-2020-15106",[58],[130],{"url":148,"sources":149,"tags":150},"https://www.suse.com/security/cve/CVE-2020-15112",[58],[130],{"url":152,"sources":153,"tags":154},"https://www.suse.com/security/cve/CVE-2021-28235",[58],[130],{"url":156,"sources":157,"tags":158},"https://www.suse.com/security/cve/CVE-2022-41723",[58],[130],{"url":160,"sources":161,"tags":162},"https://www.suse.com/security/cve/CVE-2023-29406",[58],[130],{"url":164,"sources":165,"tags":166},"https://www.suse.com/security/cve/CVE-2023-47108",[58],[130],{"url":168,"sources":169,"tags":170},"https://www.suse.com/security/cve/CVE-2023-48795",[58],[130],[],[],[],[175,188],{"ecosystem":176,"name":177,"vendor":178,"product":179,"cpe_part":9,"purl_type":180,"purl_namespace":178,"purl_name":179,"source":9,"versions":181},"openSUSE","etcd","opensuse","etcd&distro=openSUSE Leap 15.5","rpm",[182],{"version":183,"is_range":184,"range_type":185,"version_start":9,"version_start_type":9,"version_end":186,"version_end_type":187,"fixed_in":9},"lt3_5_12_150000_7_6_1",true,"ecosystem","3.5.12-150000.7.6.1","excluding",{"ecosystem":176,"name":177,"vendor":178,"product":189,"cpe_part":9,"purl_type":180,"purl_namespace":178,"purl_name":189,"source":9,"versions":190},"etcd&distro=openSUSE Leap 15.6",[191],{"version":183,"is_range":184,"range_type":185,"version_start":9,"version_start_type":9,"version_end":186,"version_end_type":187,"fixed_in":9}]