GHSA-X462-89PF-6R5H

Vulnerability from github – Published: 2021-05-21 16:23 – Updated: 2021-05-20 20:52
VLAI?
Summary
Crash due to malformed relay protocol message
Details

Impact

  1. syncthing can be caused to crash and exit if sent a malformed relay protocol message message with a negative length field.

  2. The relay server strelaysrv can be caused to crash and exit if sent a malformed relay protocol message with a negative length field.

At no point is sensitive data exposed or liable to be altered due to this issue. Sensitive data is never exposed to relay operators. Syncthing itself would need to be lured to connect to a malicious relay server in order to exploit the issue.

Patches

Fixed in version 1.15.0.

Workarounds

  1. No known workaround for strelaysrv.

  2. syncthing can be configured to not use relays, or to only use specific, trusted relays. If Syncthing is used in a closed environment or with relaying disabled, i.e., it does not communicate with unknown relays, Syncthing is not vulnerable.

For more information

If you have any questions or comments about this advisory, please discuss it on the forum.

Thanks to Wojciech Paciorek for discovering and reporting this issue.

Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/syncthing/syncthing"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-21404"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-20T20:52:26Z",
    "nvd_published_at": "2021-04-06T20:15:00Z",
    "severity": "LOW"
  },
  "details": "### Impact\n\n1. `syncthing` can be caused to crash and exit if sent a malformed relay\n   protocol message message with a negative length field.\n\n2. The relay server `strelaysrv` can be caused to crash and exit if sent\n   a malformed relay protocol message with a negative length field.\n\nAt no point is sensitive data exposed or liable to be altered due to this\nissue. Sensitive data is never exposed to relay operators. Syncthing itself\nwould need to be lured to connect to a malicious relay server in order to\nexploit the issue.\n\n### Patches\n\nFixed in version 1.15.0.\n\n### Workarounds\n\n1. No known workaround for `strelaysrv`.\n\n2. `syncthing` can be configured to not use relays, or to only use specific,\n   trusted relays. If Syncthing is used in a closed environment or with\n   relaying disabled, i.e., it does not communicate with unknown relays,\n   Syncthing is not vulnerable.\n\n### For more information\n\nIf you have any questions or comments about this advisory, please discuss it [on the forum](https://forum.syncthing.net/).\n\nThanks to Wojciech Paciorek for discovering and reporting this issue.",
  "id": "GHSA-x462-89pf-6r5h",
  "modified": "2021-05-20T20:52:26Z",
  "published": "2021-05-21T16:23:17Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21404"
    },
    {
      "type": "WEB",
      "url": "https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97"
    },
    {
      "type": "WEB",
      "url": "https://github.com/syncthing/syncthing/releases/tag/v1.15.0"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/github.com/syncthing/syncthing"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Crash due to malformed relay protocol message"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.