CVE-2021-37625
📋 TL;DR
CVE-2021-37625 is a denial-of-service vulnerability in Skytable database servers where incorrect error handling in socket acceptance causes the server to exit its main run loop and shut down. Attackers can trigger this using incomplete TLS connections or specially crafted TCP packets, causing complete service disruption. Anyone running vulnerable Skytable versions with network exposure is affected.
💻 Affected Systems
- Skytable
📦 What is this software?
Skytable by Skytable
⚠️ Risk & Real-World Impact
Worst Case
Complete database server shutdown leading to sustained service unavailability and data inaccessibility
Likely Case
Service disruption requiring manual restart, potentially causing application downtime
If Mitigated
Minimal impact if patched or network-restricted, with possible brief connection issues
🎯 Exploit Status
Exploitation requires network access but no authentication; attack vectors clearly documented in advisory
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.6.4 and later
Vendor Advisory: https://github.com/skytable/skytable/security/advisories/GHSA-q27r-h25m-hcc7
Restart Required: Yes
Instructions:
1. Stop the Skytable service.
2. Update to version 0.6.4 or later using your package manager or a manual installation.
3. Restart the Skytable service.
🔧 Temporary Workarounds
Network Restriction
Restrict network access to Skytable using firewall rules (Linux example; replace trusted_ip_range with the source range you actually allow, and keep the ACCEPT rule ahead of the DROP rule):
iptables -A INPUT -p tcp --dport 2003 -s trusted_ip_range -j ACCEPT
iptables -A INPUT -p tcp --dport 2003 -j DROP
🧯 If You Can't Patch
- Implement strict network access controls to limit connections to trusted sources only
- Deploy Skytable behind a reverse proxy with connection validation and rate limiting
🔍 How to Verify
Check if Vulnerable:
Check Skytable version; if version < 0.6.4, system is vulnerable
Check Version:
skytable --version
Verify Fix Applied:
Confirm version is 0.6.4 or later and test connectivity with incomplete TLS handshake
📡 Detection & Monitoring
Log Indicators:
- Unexpected server shutdown messages
- Run loop exit logs
- Connection errors from incomplete TLS handshakes
Network Indicators:
- Multiple incomplete TLS connections from single source
- TCP packets with unusual flags triggering backoff
SIEM Query:
source="skytable.log" AND ("shutdown" OR "exit" OR "run loop")
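As an added example (not code from the page or from the Skytable project), the following script turns the "How to Verify" and "Detection & Monitoring" items above into checks that can be run offline: a numeric version comparison against 0.6.4 (avoiding the string-comparison trap where "0.6.10" sorts below "0.6.4"), a scan for the listed log indicators, and a per-source count of incomplete TLS handshakes. The log line format, the indicator wording, the IP addresses and the threshold are all assumptions constructed for the example; adapt the regular expressions to the format your Skytable logs actually use.

```python
import re
from collections import Counter

# Version at which the socket-acceptance error handling was fixed (from the advisory).
PATCHED = (0, 6, 4)


def parse_version(text):
    """Extract the first X.Y.Z triple from a version string, e.g. the output of a --version command."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no semantic version found in: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable_version(text):
    """True when the reported version is older than 0.6.4 (tuple compare, so 0.6.10 is correctly newer)."""
    return parse_version(text) < PATCHED


# Indicators from the "Log Indicators" list above; the exact wording is an assumption.
INDICATORS = {
    "shutdown": re.compile(r"shutdown|shutting down", re.I),
    "run_loop_exit": re.compile(r"run loop", re.I),
    "tls_handshake": re.compile(r"\btls\b.*handshake|handshake.*\btls\b", re.I),
}

# Assumed log layout: "<timestamp> <level> incomplete TLS handshake from <ip>:<port>".
TLS_SOURCE = re.compile(r"incomplete TLS handshake from (\d+\.\d+\.\d+\.\d+)", re.I)


def scan_log(lines):
    """Return (line_number, indicator_name) for every line matching a known indicator."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits.append((number, name))
    return hits


def tls_failures_by_source(lines, threshold=3):
    """Return {source_ip: count} for sources with at least `threshold` incomplete TLS handshakes.

    This is the "multiple incomplete TLS connections from single source" network indicator,
    evaluated over log lines rather than packet captures.
    """
    counts = Counter()
    for line in lines:
        m = TLS_SOURCE.search(line)
        if m:
            counts[m.group(1)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


# Constructed sample log (not real Skytable output); addresses are from documentation ranges.
SAMPLE_LOG = [
    "2021-08-01T10:00:01Z INFO  server listening on 0.0.0.0:2003",
    "2021-08-01T10:00:05Z WARN  incomplete TLS handshake from 192.0.2.10:51000",
    "2021-08-01T10:00:06Z WARN  incomplete TLS handshake from 192.0.2.10:51001",
    "2021-08-01T10:00:07Z WARN  incomplete TLS handshake from 192.0.2.10:51002",
    "2021-08-01T10:00:07Z WARN  incomplete TLS handshake from 198.51.100.7:40000",
    "2021-08-01T10:00:08Z ERROR run loop exited unexpectedly",
    "2021-08-01T10:00:08Z INFO  shutting down",
]


if __name__ == "__main__":
    for reported in ("skytable 0.6.3", "skytable 0.6.4", "skytable 0.6.10"):
        print(reported, "-> vulnerable" if is_vulnerable_version(reported) else "-> patched")
    for number, name in scan_log(SAMPLE_LOG):
        print(f"line {number}: {name}")
    print("noisy TLS sources:", tls_failures_by_source(SAMPLE_LOG))
```

The version check deliberately parses into integers: a naive string comparison would classify a hypothetical "0.6.10" as older than "0.6.4". The per-source TLS counter is the cheapest signal for the network indicator when you only have server logs; if your deployment terminates TLS at a proxy, run the same count over the proxy's handshake-failure log instead.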
🔗 References
- https://github.com/skytable/skytable/commit/bb19d024ea1e5e0c9a3d75a9ee58ff03c70c7e5d
- https://github.com/skytable/skytable/security/advisories/GHSA-q27r-h25m-hcc7
- https://security.skytable.io/ve/s/00002.html