Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Crash due to malformed relay protocol message
Vulnerability Description
Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a malformed message from a malicious relay server when attempting to join the relay. Relay joins are essentially random (from a subset of low latency relays) and Syncthing will by default restart when crashing, at which point it's likely to pick another non-malicious relay. This flaw is fixed in version 1.15.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
Jakob Borg syncthing 输入验证错误漏洞
Vulnerability Description
Jakob Borg syncthing是Jakob Borg开源的一个应用软件。一个连续的文件同步程序。 Syncthing before version 1.15.0 存在安全漏洞,该漏洞源于可能会因发送带有负长度字段的中继消息而崩溃并退出。
CVSS Information
N/A
Vulnerability Type
N/A