In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a malformed message from a malicious relay server when attempting to join the relay. Reference: https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h Fix: https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97
Created syncthing tracking bugs for this issue: Affects: epel-8 [bug 1948984] Affects: fedora-all [bug 1948983]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.