CVE-2021-37625 (GCVE-0-2021-37625)
Vulnerability from cvelistv5
Published
2021-08-05 17:15
Modified
2024-08-04 01:23
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-252 - Unchecked Return Value
  • CWE-253 - Incorrect Check of Function Return Value
Summary
Skytable is an open source NoSQL database. In versions prior to 0.6.4 an incorrect check of return value of the accept function in the run-loop for a TCP socket/TLS socket/TCP+TLS multi-socket causes an early exit from the run loop that should continue infinitely unless terminated by a local user, effectively causing the whole database server to shut down. This has severe impact and can be used to easily cause DoS attacks without the need to use much bandwidth. The attack vectors include using an incomplete TLS connection for example by not providing the certificate for the connection and using a specially crafted TCP packet that triggers the application layer backoff algorithm.
References
Impacted products
Vendor Product Version
skytable skytable Version: < 0.6.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:23:01.226Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/skytable/skytable/security/advisories/GHSA-q27r-h25m-hcc7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/skytable/skytable/commit/bb19d024ea1e5e0c9a3d75a9ee58ff03c70c7e5d"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.skytable.io/ve/s/00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "skytable",
          "vendor": "skytable",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.6.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Skytable is an open source NoSQL database. In versions prior to 0.6.4 an incorrect check of return value of the accept function in the run-loop for a TCP socket/TLS socket/TCP+TLS multi-socket causes an early exit from the run loop that should continue infinitely unless terminated by a local user, effectively causing the whole database server to shut down. This has severe impact and can be used to easily cause DoS attacks without the need to use much bandwidth. The attack vectors include using an incomplete TLS connection for example by not providing the certificate for the connection and using a specially crafted TCP packet that triggers the application layer backoff algorithm."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-252",
              "description": "CWE-252: Unchecked Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-253",
              "description": "CWE-253: Incorrect Check of Function Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-05T17:15:09",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/skytable/skytable/security/advisories/GHSA-q27r-h25m-hcc7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/skytable/skytable/commit/bb19d024ea1e5e0c9a3d75a9ee58ff03c70c7e5d"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.skytable.io/ve/s/00002.html"
        }
      ],
      "source": {
        "advisory": "GHSA-q27r-h25m-hcc7",
        "discovery": "UNKNOWN"
      },
      "title": "Incorrect Check of Function Return Value in Skytable",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-37625",
          "STATE": "PUBLIC",
          "TITLE": "Incorrect Check of Function Return Value in Skytable"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "skytable",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 0.6.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "skytable"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Skytable is an open source NoSQL database. In versions prior to 0.6.4 an incorrect check of return value of the accept function in the run-loop for a TCP socket/TLS socket/TCP+TLS multi-socket causes an early exit from the run loop that should continue infinitely unless terminated by a local user, effectively causing the whole database server to shut down. This has severe impact and can be used to easily cause DoS attacks without the need to use much bandwidth. The attack vectors include using an incomplete TLS connection for example by not providing the certificate for the connection and using a specially crafted TCP packet that triggers the application layer backoff algorithm."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-252: Unchecked Return Value"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-253: Incorrect Check of Function Return Value"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/skytable/skytable/security/advisories/GHSA-q27r-h25m-hcc7",
              "refsource": "CONFIRM",
              "url": "https://github.com/skytable/skytable/security/advisories/GHSA-q27r-h25m-hcc7"
            },
            {
              "name": "https://github.com/skytable/skytable/commit/bb19d024ea1e5e0c9a3d75a9ee58ff03c70c7e5d",
              "refsource": "MISC",
              "url": "https://github.com/skytable/skytable/commit/bb19d024ea1e5e0c9a3d75a9ee58ff03c70c7e5d"
            },
            {
              "name": "https://security.skytable.io/ve/s/00002.html",
              "refsource": "MISC",
              "url": "https://security.skytable.io/ve/s/00002.html"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-q27r-h25m-hcc7",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-37625",
    "datePublished": "2021-08-05T17:15:09",
    "dateReserved": "2021-07-29T00:00:00",
    "dateUpdated": "2024-08-04T01:23:01.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-37625\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-08-05T18:15:07.443\",\"lastModified\":\"2024-11-21T06:15:32.933\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Skytable is an open source NoSQL database. In versions prior to 0.6.4 an incorrect check of return value of the accept function in the run-loop for a TCP socket/TLS socket/TCP+TLS multi-socket causes an early exit from the run loop that should continue infinitely unless terminated by a local user, effectively causing the whole database server to shut down. This has severe impact and can be used to easily cause DoS attacks without the need to use much bandwidth. The attack vectors include using an incomplete TLS connection for example by not providing the certificate for the connection and using a specially crafted TCP packet that triggers the application layer backoff algorithm.\"},{\"lang\":\"es\",\"value\":\"Skytable es una base de datos NoSQL de c\u00f3digo abierto. En versiones anteriores a 0.6.4, una comprobaci\u00f3n incorrecta del valor de retorno de la funci\u00f3n accept en el bucle de ejecuci\u00f3n para un socket TCP/socket TLS/multisocket TCP+TLS causa una salida anticipada del bucle de ejecuci\u00f3n que deber\u00eda continuar infinitamente a menos que sea terminado por un usuario local, causando efectivamente el cierre de todo el servidor de base de datos. Esto presenta un impacto severo y puede ser usado para causar f\u00e1cilmente ataques DoS sin necesidad de usar mucho ancho de banda. Los vectores de ataque incluyen el uso de una conexi\u00f3n TLS incompleta, por ejemplo, no proporcionando el certificado para la conexi\u00f3n, y usando de un paquete TCP especialmente dise\u00f1ado que desencadena el algoritmo de backoff de la capa de aplicaci\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-252\"},{\"lang\":\"en\",\"value\":\"CWE-253\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-252\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skytable:skytable:0.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B7A0023-9DCA-437D-BCF7-6E1EA2899E27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skytable:skytable:0.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"790FC927-0EBF-4AE6-A4B4-90310C149DE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skytable:skytable:0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"129E6A3A-81EB-4584-AE12-1B9A74699747\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skytable:skytable:0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D48FA2A6-1FDF-4677-8ABF-DF3BE6935284\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skytable:skytable:0.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"001BF079-4783-4197-8D43-367535FAD983\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skytable:skytable:0.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BFB2633-7F65-45AA-AC30-461CA771A770\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skytable:skytable:0.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19C54D4B-2164-483C-A9C5-9F60F6B2D512\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skytable:skytable:0.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4431E8E5-BFA8-4DD1-81D1-9A092EE362D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skytable:skytable:0.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4335E944-F8E7-4C35-9BE9-4007D10B9A35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skytable:skytable:0.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EDF3B93-D0FA-451D-8DD4-18F7A417A8E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skytable:skytable:0.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C23C9BA7-AC91-4EA8-BAAC-03A545C4E499\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skytable:skytable:0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C64C814B-E134-40F4-B2BC-AB7A8D7A04AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skytable:skytable:0.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95DF9168-46E2-4A19-A9A2-7A6334FA9C4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skytable:skytable:0.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"280D42AA-9441-437D-BAC6-73DCA0A7C0DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skytable:skytable:0.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2284DFFE-9C99-4877-886A-E79D7DBD8E8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skytable:skytable:0.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E2B7E5F-9305-4FFE-8C15-7D9BC9C514C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skytable:skytable:0.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE19B368-C086-4575-99E2-F9BEBE7DB161\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:skytable:skytable:0.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAEFFEC6-4B0A-49FC-BFEF-434E4384763D\"}]}]}],\"references\":[{\"url\":\"https://github.com/skytable/skytable/commit/bb19d024ea1e5e0c9a3d75a9ee58ff03c70c7e5d\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/skytable/skytable/security/advisories/GHSA-q27r-h25m-hcc7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.skytable.io/ve/s/00002.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/skytable/skytable/commit/bb19d024ea1e5e0c9a3d75a9ee58ff03c70c7e5d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/skytable/skytable/security/advisories/GHSA-q27r-h25m-hcc7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.skytable.io/ve/s/00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.