FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

syncthing -- crash due to malformed relay protocol message

Affected packages
syncthing < 1.15.0

Details

VuXML ID 9ee01e60-6045-43df-98e5-a794007e54ef
Discovery 2021-04-06
Entry 2021-04-12

syncthing developers report:

syncthing can be caused to crash and exit if sent a malformed relay protocol message message with a negative length field.

The relay server strelaysrv can be caused to crash and exit if sent a malformed relay protocol message with a negative length field.

[source]

References

CVE Name CVE-2021-21404
URL https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.