CVE-2026-33817 - Vulnerability Details

CVE confirmed to be a false positive

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Etcd-io	Bbolt

No data.

References

Link	Providers
https://github.com/etcd-io/bbolt/pull/1171/changes/386d5b69785937d1aa20cb25c8439404cf398143
https://github.com/golang/vulndb/issues/4923
https://nvd.nist.gov/vuln/detail/CVE-2026-33817
https://pkg.go.dev/vuln/GO-2026-4923
https://www.cve.org/CVERecord?id=CVE-2026-33817

History

Wed, 08 Apr 2026 17:45:00 +0000

Type	Values Removed	Values Added
Description	(This report has been withdrawn with reason: "Reporter and maintainer have confirmed this as false positive"). Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt	CVE confirmed to be a false positive
Title	WITHDRAWN: out-of-range-index in go.etcd.io/bbolt	Vulnerability in go.etcd.io/bbolt

Wed, 08 Apr 2026 16:00:00 +0000

Type	Values Removed	Values Added
Description	Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt	(This report has been withdrawn with reason: "Reporter and maintainer have confirmed this as false positive"). Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt
Title	Vulnerability in go.etcd.io/bbolt	WITHDRAWN: out-of-range-index in go.etcd.io/bbolt

Wed, 08 Apr 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2026-33817 https://www.cve.org/CVERecord?id=CVE-2026-33817
Metrics	threat_severity `None`	threat_severity `Moderate`

Tue, 07 Apr 2026 09:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Etcd-io Etcd-io bbolt
Vendors & Products		Etcd-io Etcd-io bbolt

Tue, 07 Apr 2026 00:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-125
Metrics		cvssV3_1 `{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 06 Apr 2026 20:00:00 +0000

Type	Values Removed	Values Added
Description		Index out-of-range when encountering a branch page with zero elements in go.etcd.io/bbolt
Title		Vulnerability in go.etcd.io/bbolt
References		https://github.com/etcd-io/bbolt/pull/1171/changes/386d5b69785937d1aa20cb25c8439404cf398143 https://github.com/golang/vulndb/issues/4923 https://pkg.go.dev/vuln/GO-2026-4923

MITRE

Status: REJECTED

Assigner: Go

Published: 2026-04-06T18:13:23.996Z

Updated: 2026-04-08T17:08:34.464Z

Reserved: 2026-03-23T20:35:32.815Z

Link: CVE-2026-33817

Vulnrichment

Updated: 2026-04-06T19:23:47.201Z

NVD

Status : Rejected

Published: 2026-04-06T19:16:27.677

Modified: 2026-04-08T18:26:00.870

Link: CVE-2026-33817

Redhat

Severity : Moderate

Publid Date: 2026-04-06T18:13:23Z

Links: CVE-2026-33817 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object