PT-2021-21741 · Skytable · Skytable

Martin Molin +1 · Published 2021-08-05 · Updated 2021-08-12 · CVE-2021-37625

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Skytable versions prior to 0.6.4

Description: The issue is an incorrect check of the return value of the accept function in the run loop for a TCP socket, TLS socket or TCP+TLS multi-socket, which causes an early exit from the run loop. This can be exploited to shut down the whole database server, allowing easy Denial of Service (DoS) attacks that do not require significant bandwidth. Attack vectors include an incomplete TLS connection, such as one that does not provide a certificate, and a specially crafted TCP packet that triggers the application layer backoff algorithm.

Recommendations: For versions prior to 0.6.4, update to version 0.6.4 or later to resolve the issue. As a temporary workaround, add monitoring and restart mechanisms for the database server to minimize downtime in case of an attack. Restrict access to the database server to reduce the risk of exploitation. Avoid incomplete TLS connections and ensure that all TCP packets are properly validated so that the application layer backoff algorithm is not triggered.
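The control-flow defect described above, shown as an added illustration that is not Skytable's code: a hypothetical accept loop that treats every accept error as fatal, beside one that skips per-connection failures and only stops on listener-level errors. The accept results are constructed in-process, so nothing listens on a socket.

```rust
use std::io;
/// Simulated result of one accept() call: a connection id or an I/O error.
type AcceptResult = io::Result<u32>;

/// Vulnerable pattern (hypothetical, not Skytable's code): any Err from accept
/// is treated as fatal, so one failed handshake ends the whole run loop.
fn run_loop_exit_on_error(mut accept: impl FnMut() -> Option<AcceptResult>) -> Vec<u32> {
    let mut served = Vec::new();
    while let Some(res) = accept() {
        match res {
            Ok(conn) => served.push(conn),
            Err(_) => return served, // early exit: the server stops accepting
        }
    }
    served
}

/// Errors tied to one client are transient; anything else is a listener-level failure.
fn is_fatal(e: &io::Error) -> bool {
    use std::io::ErrorKind::*;
    !matches!(e.kind(), ConnectionReset | ConnectionAborted | TimedOut | Interrupted | WouldBlock)
}

/// Hardened pattern: per-connection failures are logged and skipped; only a
/// listener-level error ends the loop.
fn run_loop_keep_serving(mut accept: impl FnMut() -> Option<AcceptResult>) -> Vec<u32> {
    let mut served = Vec::new();
    while let Some(res) = accept() {
        match res {
            Ok(conn) => served.push(conn),
            Err(e) if is_fatal(&e) => {
                eprintln!("listener failure, shutting down: {}", e);
                return served;
            }
            Err(e) => eprintln!("accept failed, continuing: {}", e),
        }
    }
    served
}

/// Constructed accept sequence: two clients, one aborted TLS handshake, two more clients.
fn sample_accepts() -> impl FnMut() -> Option<AcceptResult> {
    let events: Vec<AcceptResult> = vec![
        Ok(1), Ok(2),
        Err(io::Error::new(io::ErrorKind::ConnectionAborted, "TLS handshake aborted")),
        Ok(3), Ok(4),
    ];
    let mut it = events.into_iter();
    move || it.next()
}
```

With the same constructed sequence, the first loop serves only the two clients ahead of the aborted handshake, while the second serves all four.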

Fix

Weakness Enumeration

Unchecked Return Value

Related Identifiers

CVE-2021-37625
GHSA-Q27R-H25M-HCC7

Affected Products

Skytable