Skip to content

Crash due to malformed relay protocol message

Low severity GitHub Reviewed Published Apr 6, 2021 in syncthing/syncthing • Updated Feb 1, 2023

Package

gomod github.com/syncthing/syncthing (Go)

Affected versions

< 1.15.0

Patched versions

1.15.0

Description

Impact

  1. syncthing can be caused to crash and exit if sent a malformed relay
    protocol message message with a negative length field.

  2. The relay server strelaysrv can be caused to crash and exit if sent
    a malformed relay protocol message with a negative length field.

At no point is sensitive data exposed or liable to be altered due to this
issue. Sensitive data is never exposed to relay operators. Syncthing itself
would need to be lured to connect to a malicious relay server in order to
exploit the issue.

Patches

Fixed in version 1.15.0.

Workarounds

  1. No known workaround for strelaysrv.

  2. syncthing can be configured to not use relays, or to only use specific,
    trusted relays. If Syncthing is used in a closed environment or with
    relaying disabled, i.e., it does not communicate with unknown relays,
    Syncthing is not vulnerable.

For more information

If you have any questions or comments about this advisory, please discuss it on the forum.

Thanks to Wojciech Paciorek for discovering and reporting this issue.

References

@calmh calmh published to syncthing/syncthing Apr 6, 2021
Published by the National Vulnerability Database Apr 6, 2021
Reviewed May 20, 2021
Published to the GitHub Advisory Database May 21, 2021
Last updated Feb 1, 2023

Severity

Low

EPSS score

0.235%
(61st percentile)

Weaknesses

CVE ID

CVE-2021-21404

GHSA ID

GHSA-x462-89pf-6r5h

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.