Security vulnerabilities in version 2.7.1

This page lists all known and fixed security vulnerabilities in version 2.7.1 (back to the list of all versions).

Overview: 2 vulnerabilities

WSA CVE Score Severity Issue Vulnerability type Scope Versions Fix Release date
WSA-2024-1 CVE-2024-46613 3.8
Integer overflow in loops on lists. Integer Overflow or Wraparound Core, Plugins 0.1.6 → 4.4.1 4.4.2
WSA-2021-1 CVE-2021-40516 7.5
Crash on malformed websocket frame in relay plugin. Out-of-bounds read Relay 0.4.1 → 3.2 3.2.1

WSA-2024-1: [Core, Plugins] Integer overflow in loops on lists.

Vulnerability
CVE
CVE-2024-46613 [ MITRE / NVD ]
CVSS vector
AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C (detail)
CVSS score
3.8 / 10
Severity
low
Vulnerability type
Integer Overflow or Wraparound
Scope
Core, Plugins
Affected versions
0.1.6 → 4.4.1
Fixed version
4.4.2 () - ChangeLog
Tracker
Description
An integer overflow can happen when looping over items in a list.
This can only happen in rare conditions on 32 and 64-bit systems, as the list must contain more than 2,147,483,647 elements.
On 16-bit systems, this happens with a list that contains more than 32,767 elements.
Mitigation
There is no known mitigation.
The upgrade to the latest stable version is highly recommended.
Credit
The issue was discovered by Yiheng Cao.

WSA-2021-1: [Relay] Crash on malformed websocket frame in relay plugin.

Vulnerability
CVE
CVE-2021-40516 [ MITRE / NVD ]
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (detail)
CVSS score
7.5 / 10
Severity
high
Vulnerability type
Out-of-bounds read (detail)
Scope
Relay
Affected versions
0.4.1 → 3.2
Fixed version
3.2.1 () - ChangeLog
Tracker
Not available
Commits
Description
A crash happens when decoding a malformed websocket frame in relay plugin.
This happens even if a password is set in relay plugin, the malformed websocket frame can be received before the authentication of the client.
Mitigation
There are multiple ways to mitigate this issue:
Credit
The issue was discovered by Stuart Nevans Locke.