CVE-2021-21404 - OpenCVE

Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a malformed message from a malicious relay server when attempting to join the relay. Relay joins are essentially random (from a subset of low latency relays) and Syncthing will by default restart when crashing, at which point it's likely to pick another non-malicious relay. This flaw is fixed in version 1.15.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Syncthing	Syncthing

Configuration 1 [-]

cpe:2.3:a:syncthing:syncthing:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97
https://github.com/syncthing/syncthing/releases/tag/v1.15.0
https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h
https://pkg.go.dev/github.com/syncthing/syncthing

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-04-06T20:00:15

Updated: 2024-08-03T18:09:16.158Z

Reserved: 2020-12-22T00:00:00

Link: CVE-2021-21404

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-04-06T20:15:13.490

Modified: 2021-04-14T18:00:32.527

Link: CVE-2021-21404

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "syncthing", "vendor": "syncthing", "versions": [{"status": "affected", "version": "< 1.15.0"}]}], "descriptions": [{"lang": "en", "value": "Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a malformed message from a malicious relay server when attempting to join the relay. Relay joins are essentially random (from a subset of low latency relays) and Syncthing will by default restart when crashing, at which point it's likely to pick another non-malicious relay. This flaw is fixed in version 1.15.0."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-06T20:00:15", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h"}, {"tags": ["x_refsource_MISC"], "url": "https://pkg.go.dev/github.com/syncthing/syncthing"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/syncthing/syncthing/releases/tag/v1.15.0"}], "source": {"advisory": "GHSA-x462-89pf-6r5h", "discovery": "UNKNOWN"}, "title": "Crash due to malformed relay protocol message", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-21404", "STATE": "PUBLIC", "TITLE": "Crash due to malformed relay protocol message"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "syncthing", "version": {"version_data": [{"version_value": "< 1.15.0"}]}}]}, "vendor_name": "syncthing"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a malformed message from a malicious relay server when attempting to join the relay. Relay joins are essentially random (from a subset of low latency relays) and Syncthing will by default restart when crashing, at which point it's likely to pick another non-malicious relay. This flaw is fixed in version 1.15.0."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h", "refsource": "CONFIRM", "url": "https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h"}, {"name": "https://pkg.go.dev/github.com/syncthing/syncthing", "refsource": "MISC", "url": "https://pkg.go.dev/github.com/syncthing/syncthing"}, {"name": "https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97", "refsource": "MISC", "url": "https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97"}, {"name": "https://github.com/syncthing/syncthing/releases/tag/v1.15.0", "refsource": "MISC", "url": "https://github.com/syncthing/syncthing/releases/tag/v1.15.0"}]}, "source": {"advisory": "GHSA-x462-89pf-6r5h", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:09:16.158Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://pkg.go.dev/github.com/syncthing/syncthing"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/syncthing/syncthing/releases/tag/v1.15.0"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-21404", "datePublished": "2021-04-06T20:00:15", "dateReserved": "2020-12-22T00:00:00", "dateUpdated": "2024-08-03T18:09:16.158Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:syncthing:syncthing:*:*:*:*:*:*:*:*", "matchCriteriaId": "13E0DFD1-14D6-4A2D-B98C-1C581D11E2F0", "versionEndExcluding": "1.15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a malformed message from a malicious relay server when attempting to join the relay. Relay joins are essentially random (from a subset of low latency relays) and Syncthing will by default restart when crashing, at which point it's likely to pick another non-malicious relay. This flaw is fixed in version 1.15.0."}, {"lang": "es", "value": "Syncthing es un programa de sincronizaci\u00f3n de archivos continua. En Syncthing versiones anteriores a 1.15.0, el servidor de retransmisi\u00f3n \"strelaysrv\" puede causar un bloqueo y salida mediante el env\u00edo de un mensaje de retransmisi\u00f3n con un campo de longitud negativa. De manera similar, Syncthing en s\u00ed puede presentar un fallo por la misma raz\u00f3n si recibe un mensaje malformado de un servidor de retransmisi\u00f3n malicioso al intentar unirse a la retransmisi\u00f3n. Las uniones de retransmisiones son esencialmente aleatorias (de un subconjunto de retransmisiones de baja latencia) y Syncthing se reiniciar\u00e1 por defecto cuando se bloquee, momento en el que es probable que elija otra retransmisi\u00f3n no maliciosa. Este fallo es corregido en la versi\u00f3n 1.15.0"}], "id": "CVE-2021-21404", "lastModified": "2021-04-14T18:00:32.527", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-04-06T20:15:13.490", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/syncthing/syncthing/releases/tag/v1.15.0"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h"}, {"source": "security-advisories@github.com", "tags": ["Product", "Third Party Advisory"], "url": "https://pkg.go.dev/github.com/syncthing/syncthing"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Primary"}]}