How severe is CVE-2021-37625?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2021-37625?

This is classified as CWE-252, which is a common weakness in software security.

CVE-2021-37625 - HIGH Severity | CVSS 7.5

Vulnerability Description

Skytable is an open source NoSQL database. In versions prior to 0.6.4 an incorrect check of return value of the accept function in the run-loop for a TCP socket/TLS socket/TCP+TLS multi-socket causes an early exit from the run loop that should continue infinitely unless terminated by a local user, effectively causing the whole database server to shut down. This has severe impact and can be used to easily cause DoS attacks without the need to use much bandwidth. The attack vectors include using an incomplete TLS connection for example by not providing the certificate for the connection and using a specially crafted TCP packet that triggers the application layer backoff algorithm.

Related Vulnerabilities

CVE-2002-1372

HIGH

CVSS:7.5(High)

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of servi...

CWE-2522002

CVE-2009-0265

HIGH

CVSS:7.5(High)

Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the c...

CWE-2522009

CVE-2018-14367

HIGH

CVSS:7.5(High)

In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.

CWE-2522018

CVE-2018-20216

HIGH

CVSS:7.5(High)

QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled).

CWE-2522018

CVE-2019-10902

HIGH

CVSS:7.5(High)

In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.

CWE-2522019

CVE-2019-12107

HIGH

CVSS:7.5(High)

The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd through 2.1 allows a remote attacker to leak information from the heap due to improper validation of an snprintf return value.

CWE-2522019