{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T16:16:39.175","vulnerabilities":[{"cve":{"id":"CVE-2021-21404","sourceIdentifier":"security-advisories@github.com","published":"2021-04-06T20:15:13.490","lastModified":"2024-11-21T05:48:17.280","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a malformed message from a malicious relay server when attempting to join the relay. Relay joins are essentially random (from a subset of low latency relays) and Syncthing will by default restart when crashing, at which point it's likely to pick another non-malicious relay. This flaw is fixed in version 1.15.0."},{"lang":"es","value":"Syncthing es un programa de sincronización de archivos continua. En Syncthing versiones anteriores a 1.15.0, el servidor de retransmisión \"strelaysrv\" puede causar un bloqueo y salida mediante el envío de un mensaje de retransmisión con un campo de longitud negativa. De manera similar, Syncthing en sí puede presentar un fallo por la misma razón si recibe un mensaje malformado de un servidor de retransmisión malicioso al intentar unirse a la retransmisión. Las uniones de retransmisiones son esencialmente aleatorias (de un subconjunto de retransmisiones de baja latencia) y Syncthing se reiniciará por defecto cuando se bloquee, momento en el que es probable que elija otra retransmisión no maliciosa. Este fallo es corregido en la versión 1.15.0"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:syncthing:syncthing:*:*:*:*:*:*:*:*","versionEndExcluding":"1.15.0","matchCriteriaId":"13E0DFD1-14D6-4A2D-B98C-1C581D11E2F0"}]}]}],"references":[{"url":"https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/syncthing/syncthing/releases/tag/v1.15.0","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://pkg.go.dev/github.com/syncthing/syncthing","source":"security-advisories@github.com","tags":["Product","Third Party Advisory"]},{"url":"https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/syncthing/syncthing/releases/tag/v1.15.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://pkg.go.dev/github.com/syncthing/syncthing","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product","Third Party Advisory"]}]}}]}