CVE-2021-37625

{"id": "CVE-2021-37625", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-08-05T18:15:07.443", "references": [{"url": "https://github.com/skytable/skytable/commit/bb19d024ea1e5e0c9a3d75a9ee58ff03c70c7e5d", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/skytable/skytable/security/advisories/GHSA-q27r-h25m-hcc7", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://security.skytable.io/ve/s/00002.html", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/skytable/skytable/commit/bb19d024ea1e5e0c9a3d75a9ee58ff03c70c7e5d", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/skytable/skytable/security/advisories/GHSA-q27r-h25m-hcc7", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.skytable.io/ve/s/00002.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-252"}, {"lang": "en", "value": "CWE-253"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-252"}]}], "descriptions": [{"lang": "en", "value": "Skytable is an open source NoSQL database. In versions prior to 0.6.4 an incorrect check of return value of the accept function in the run-loop for a TCP socket/TLS socket/TCP+TLS multi-socket causes an early exit from the run loop that should continue infinitely unless terminated by a local user, effectively causing the whole database server to shut down. This has severe impact and can be used to easily cause DoS attacks without the need to use much bandwidth. The attack vectors include using an incomplete TLS connection for example by not providing the certificate for the connection and using a specially crafted TCP packet that triggers the application layer backoff algorithm."}, {"lang": "es", "value": "Skytable es una base de datos NoSQL de c\u00f3digo abierto. En versiones anteriores a 0.6.4, una comprobaci\u00f3n incorrecta del valor de retorno de la funci\u00f3n accept en el bucle de ejecuci\u00f3n para un socket TCP/socket TLS/multisocket TCP+TLS causa una salida anticipada del bucle de ejecuci\u00f3n que deber\u00eda continuar infinitamente a menos que sea terminado por un usuario local, causando efectivamente el cierre de todo el servidor de base de datos. Esto presenta un impacto severo y puede ser usado para causar f\u00e1cilmente ataques DoS sin necesidad de usar mucho ancho de banda. Los vectores de ataque incluyen el uso de una conexi\u00f3n TLS incompleta, por ejemplo, no proporcionando el certificado para la conexi\u00f3n, y usando de un paquete TCP especialmente dise\u00f1ado que desencadena el algoritmo de backoff de la capa de aplicaci\u00f3n"}], "lastModified": "2024-11-21T06:15:32.933", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:skytable:skytable:0.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B7A0023-9DCA-437D-BCF7-6E1EA2899E27"}, {"criteria": "cpe:2.3:a:skytable:skytable:0.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "790FC927-0EBF-4AE6-A4B4-90310C149DE3"}, {"criteria": "cpe:2.3:a:skytable:skytable:0.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "129E6A3A-81EB-4584-AE12-1B9A74699747"}, {"criteria": "cpe:2.3:a:skytable:skytable:0.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D48FA2A6-1FDF-4677-8ABF-DF3BE6935284"}, {"criteria": "cpe:2.3:a:skytable:skytable:0.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "001BF079-4783-4197-8D43-367535FAD983"}, {"criteria": "cpe:2.3:a:skytable:skytable:0.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BFB2633-7F65-45AA-AC30-461CA771A770"}, {"criteria": "cpe:2.3:a:skytable:skytable:0.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19C54D4B-2164-483C-A9C5-9F60F6B2D512"}, {"criteria": "cpe:2.3:a:skytable:skytable:0.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4431E8E5-BFA8-4DD1-81D1-9A092EE362D9"}, {"criteria": "cpe:2.3:a:skytable:skytable:0.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4335E944-F8E7-4C35-9BE9-4007D10B9A35"}, {"criteria": "cpe:2.3:a:skytable:skytable:0.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EDF3B93-D0FA-451D-8DD4-18F7A417A8E8"}, {"criteria": "cpe:2.3:a:skytable:skytable:0.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C23C9BA7-AC91-4EA8-BAAC-03A545C4E499"}, {"criteria": "cpe:2.3:a:skytable:skytable:0.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C64C814B-E134-40F4-B2BC-AB7A8D7A04AC"}, {"criteria": "cpe:2.3:a:skytable:skytable:0.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95DF9168-46E2-4A19-A9A2-7A6334FA9C4B"}, {"criteria": "cpe:2.3:a:skytable:skytable:0.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "280D42AA-9441-437D-BAC6-73DCA0A7C0DF"}, {"criteria": "cpe:2.3:a:skytable:skytable:0.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2284DFFE-9C99-4877-886A-E79D7DBD8E8A"}, {"criteria": "cpe:2.3:a:skytable:skytable:0.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E2B7E5F-9305-4FFE-8C15-7D9BC9C514C5"}, {"criteria": "cpe:2.3:a:skytable:skytable:0.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE19B368-C086-4575-99E2-F9BEBE7DB161"}, {"criteria": "cpe:2.3:a:skytable:skytable:0.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAEFFEC6-4B0A-49FC-BFEF-434E4384763D"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}