GHSA-x462-89pf-6r5h

Source

https://github.com/advisories/GHSA-x462-89pf-6r5h

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-x462-89pf-6r5h/GHSA-x462-89pf-6r5h.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-x462-89pf-6r5h

Aliases

Published

2021-05-21T16:23:17Z

Modified

2024-08-21T15:58:40.629285Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Crash due to malformed relay protocol message

Details

Impact

syncthing can be caused to crash and exit if sent a malformed relay protocol message message with a negative length field.
The relay server strelaysrv can be caused to crash and exit if sent a malformed relay protocol message with a negative length field.

At no point is sensitive data exposed or liable to be altered due to this issue. Sensitive data is never exposed to relay operators. Syncthing itself would need to be lured to connect to a malicious relay server in order to exploit the issue.

Patches

Fixed in version 1.15.0.

Workarounds

No known workaround for strelaysrv.
syncthing can be configured to not use relays, or to only use specific, trusted relays. If Syncthing is used in a closed environment or with relaying disabled, i.e., it does not communicate with unknown relays, Syncthing is not vulnerable.

For more information

If you have any questions or comments about this advisory, please discuss it on the forum.

Thanks to Wojciech Paciorek for discovering and reporting this issue.

References

Affected packages

Go / github.com/syncthing/syncthing

Package

Name: github.com/syncthing/syncthing; View open source insights on deps.dev
Purl: pkg:golang/github.com/syncthing/syncthing

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.15.0