ghsa-x462-89pf-6r5h
Vulnerability from github
Impact
-
syncthingcan be caused to crash and exit if sent a malformed relay protocol message message with a negative length field. -
The relay server
strelaysrvcan be caused to crash and exit if sent a malformed relay protocol message with a negative length field.
At no point is sensitive data exposed or liable to be altered due to this issue. Sensitive data is never exposed to relay operators. Syncthing itself would need to be lured to connect to a malicious relay server in order to exploit the issue.
Patches
Fixed in version 1.15.0.
Workarounds
-
No known workaround for
strelaysrv. -
syncthingcan be configured to not use relays, or to only use specific, trusted relays. If Syncthing is used in a closed environment or with relaying disabled, i.e., it does not communicate with unknown relays, Syncthing is not vulnerable.
For more information
If you have any questions or comments about this advisory, please discuss it on the forum.
Thanks to Wojciech Paciorek for discovering and reporting this issue.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/syncthing/syncthing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-21404"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-20T20:52:26Z",
"nvd_published_at": "2021-04-06T20:15:00Z",
"severity": "LOW"
},
"details": "### Impact\n\n1. `syncthing` can be caused to crash and exit if sent a malformed relay\n protocol message message with a negative length field.\n\n2. The relay server `strelaysrv` can be caused to crash and exit if sent\n a malformed relay protocol message with a negative length field.\n\nAt no point is sensitive data exposed or liable to be altered due to this\nissue. Sensitive data is never exposed to relay operators. Syncthing itself\nwould need to be lured to connect to a malicious relay server in order to\nexploit the issue.\n\n### Patches\n\nFixed in version 1.15.0.\n\n### Workarounds\n\n1. No known workaround for `strelaysrv`.\n\n2. `syncthing` can be configured to not use relays, or to only use specific,\n trusted relays. If Syncthing is used in a closed environment or with\n relaying disabled, i.e., it does not communicate with unknown relays,\n Syncthing is not vulnerable.\n\n### For more information\n\nIf you have any questions or comments about this advisory, please discuss it [on the forum](https://forum.syncthing.net/).\n\nThanks to Wojciech Paciorek for discovering and reporting this issue.",
"id": "GHSA-x462-89pf-6r5h",
"modified": "2021-05-20T20:52:26Z",
"published": "2021-05-21T16:23:17Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21404"
},
{
"type": "WEB",
"url": "https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97"
},
{
"type": "WEB",
"url": "https://github.com/syncthing/syncthing/releases/tag/v1.15.0"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/github.com/syncthing/syncthing"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Crash due to malformed relay protocol message"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.