CVE-2020-20665

7.5 HIGH

📋 TL;DR

CVE-2020-20665 is a memory leak vulnerability in rudp v0.6's main.c component that allows attackers to cause denial of service through resource exhaustion. This affects systems using the vulnerable rudp library for reliable UDP communication. The vulnerability is particularly concerning for applications that handle high volumes of network traffic.

💻 Affected Systems

Products:
  • rudp
Versions: v0.6
Operating Systems: All platforms where rudp is deployed
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using rudp v0.6 for network communication is vulnerable regardless of configuration.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system crash or service disruption due to memory exhaustion, potentially leading to extended downtime and requiring manual intervention to restart affected services.

🟠 Likely Case

Gradual performance degradation and eventual service unavailability as memory consumption increases over time, particularly under sustained network load.

🟢 If Mitigated

Minimal impact with proper monitoring and restart mechanisms in place, though some performance degradation may still occur during peak usage.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending network traffic to trigger the memory leak, but no public exploit code has been documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.7 or later

Vendor Advisory: https://github.com/cloudwu/rudp/issues/6

Restart Required: Yes

Instructions:

1. Check the current rudp version.
2. Update to rudp v0.7 or later.
3. Recompile any applications using rudp.
4. Restart affected services.

🔧 Temporary Workarounds

Service Restart Schedule (linux)

Implement regular service restarts to clear accumulated memory before exhaustion occurs:

systemctl restart [service_name]

Memory Limit Enforcement (linux)

Use cgroups or container limits so the leaking process is killed and restarted before it exhausts system memory, rather than taking the whole host down with it:

systemd-run --unit=rudp-service --property=MemoryMax=512M [command]

MemoryMax= is the cgroup v2 property; on hosts still on cgroup v1 the deprecated MemoryLimit= is the equivalent.

🧯 If You Can't Patch

  • Implement aggressive memory monitoring with automated alerts when usage exceeds thresholds
  • Deploy behind load balancers with health checks to fail over to healthy instances
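The restart schedule and the memory-monitoring item above can be combined into a single watchdog. The script below is an added example written for this page; it is not part of the advisory or of the rudp project. It assumes a Linux host with systemd, reads the resident set size of the service's main process from /proc/<pid>/status, and restarts the unit when RSS crosses a threshold (default 512 MiB, matching the cgroup limit above). The unit name, threshold and polling interval are supplied through the RUDP_WATCH_* environment variables, which are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the advisory or the rudp project): a small memory
# watchdog for a service that links the leaking rudp v0.6 library.
# Assumptions: Linux /proc, systemd, and the RUDP_WATCH_* variables below.

# Print the VmRSS value (in kB) from /proc/<pid>/status-style text on stdin.
# Prints nothing if no VmRSS line is present.
vmrss_kb() {
    awk '/^VmRSS:/ { print $2; exit }'
}

# over_limit CURRENT_KB LIMIT_KB: succeed when current usage exceeds the limit.
over_limit() {
    [ "$1" -gt "$2" ]
}

# check_pid PID LIMIT_KB: return 0 when the process RSS is over the limit
# (restart needed), 1 when it is within the limit, 2 when the PID is gone.
check_pid() {
    pid=$1
    limit=$2
    [ -r "/proc/$pid/status" ] || return 2
    rss=$(vmrss_kb < "/proc/$pid/status")
    over_limit "${rss:-0}" "$limit"
}

# The polling loop only runs when a unit name is given, so the functions can
# also be sourced and exercised on their own.
if [ -n "${RUDP_WATCH_UNIT:-}" ]; then
    unit=$RUDP_WATCH_UNIT
    limit_kb=${RUDP_WATCH_LIMIT_KB:-524288}    # 512 MiB, same figure as the cgroup workaround
    interval=${RUDP_WATCH_INTERVAL:-30}        # seconds between checks
    while :; do
        pid=$(systemctl show -p MainPID --value "$unit")
        if [ "${pid:-0}" -gt 0 ]; then
            if check_pid "$pid" "$limit_kb"; then
                logger -t rudp-watchdog "unit $unit (pid $pid) RSS over ${limit_kb} kB; restarting"
                systemctl restart "$unit"
            fi
        fi
        sleep "$interval"
    done
fi
```

Run it as `RUDP_WATCH_UNIT=rudp-service.service sh watchdog.sh` from its own systemd unit or a supervisor. The logger line gives the SIEM a concrete restart event to correlate with the memory growth the Detection section describes, which a plain cron-driven `systemctl restart` would not.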

🔍 How to Verify

Check if Vulnerable:

Check if rudp v0.6 is installed: find / -name "*rudp*" -type f -print0 2>/dev/null | xargs -0 grep -l "0\.6"

Check Version:

strings /path/to/binary | grep -i rudp

Verify Fix Applied:

Verify rudp version is v0.7 or later: grep -r "rudp.*version" /path/to/application/

📡 Detection & Monitoring

Log Indicators:

  • Unusual memory growth patterns in application logs
  • Frequent out-of-memory errors or crashes

Network Indicators:

  • Increased UDP traffic to affected services
  • Unusual packet patterns triggering the rudp implementation

SIEM Query:

source="*rudp*" AND ("memory" OR "crash" OR "restart")
