CVE-2021-37625

Incorrect Check of Function Return Value in Skytable

CVSS 7.5 HIGHEPSS 0.9%CWE-252 CWE-253

In short

Skytable database server crashes when it receives certain incomplete network connections, causing the entire database to shut down. An attacker can easily trigger this without needing special tools, causing denial of service.

Technical detail

A faulty return value check on the accept() function in Skytable's TCP/TLS socket event loop causes premature loop termination and server shutdown. Attack vectors include incomplete TLS handshakes and specially crafted TCP packets that trigger the backoff algorithm; this allows unauthenticated remote DoS with minimal bandwidth.

Summary generated and translated by AI from the official description.

Skytable is an open source NoSQL database. In versions prior to 0.6.4 an incorrect check of return value of the accept function in the run-loop for a TCP socket/TLS socket/TCP+TLS multi-socket causes an early exit from the run loop that should continue infinitely unless terminated by a local user, effectively causing the whole database server to shut down. This has severe impact and can be used to easily cause DoS attacks without the need to use much bandwidth. The attack vectors include using an incomplete TLS connection for example by not providing the certificate for the connection and using a specially crafted TCP packet that triggers the application layer backoff algorithm.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

skytable · skytable

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/skytable/skytable/commit/bb19d024ea1e5e0c9a3d75a9ee58ff03c70c7e5d https://github.com/skytable/skytable/security/advisories/GHSA-q27r-h25m-hcc7 https://security.skytable.io/ve/s/00002.html