GO-2022-0888 Crash due to malformed relay protocol message in github.com/syncthing/syncthing

Crash due to malformed relay protocol message in github.com/syncthing/syncthing...

Nervos CKB P2P DoS Attacks

The P2P protocols lack of rate limit. For example, in relay protocol, when a node receives a broadcasted txhashes, it will mark it in memory to avoid duplicated requests. code → . It is easy to establish a DoS attach by generating random tx hashes. Impact It affects all nodes connected to the P2P...

GHSA-84X2-2QV6-QG56 Nervos CKB P2P DoS Attacks

The P2P protocols lack of rate limit. For example, in relay protocol, when a node receives a broadcasted txhashes, it will mark it in memory to avoid duplicated requests. code → . It is easy to establish a DoS attach by generating random tx hashes. Impact It affects all nodes connected to the P2P...

GHSA-X462-89PF-6R5H Crash due to malformed relay protocol message

Impact 1. syncthing can be caused to crash and exit if sent a malformed relay protocol message message with a negative length field. 2. The relay server strelaysrv can be caused to crash and exit if sent a malformed relay protocol message with a negative length field. At no point is sensitive dat...

Denial Of Service (DoS)

github.com/syncthing/syncthing is vulnerable to denial of service. An attacker is able to crash the application by sending a malicious relay protocol message containing a negative length field...

syncthing -- crash due to malformed relay protocol message

syncthing developers report: syncthing can be caused to crash and exit if sent a malformed relay protocol message message with a negative length field. The relay server strelaysrv can be caused to crash and exit if sent a malformed relay protocol message with a negative length field...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 srctrack, 2 usemfstmpsize, or 3 usemfsvarsize parameter to systemadvancedmisc.php; the 4 port, 5 snaplen, or 6 count parameter to diagpacketcapture.php...