CVE Vulnerability

CVE-2021-4213

A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448 Patch Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2021-4213 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2021-4213 Third Party Advisory
https://github.com/dogtagpki/jss/commit/3aabe0e9d59b0a42e68ac8cd0468f9c5179967d2 Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2042900 Issue Tracking Patch
Configurations

Configuration 1

cpe:2.3:a:dogtagpki:network_security_services_for_java:*:*:*:*:*:*:*:*
cpe:2.3:a:dogtagpki:network_security_services_for_java:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Information

Published : 2022-08-24 04:15

Updated : 2022-08-29 01:19

NVD link : CVE-2021-4213

Mitre link : CVE-2021-4213

Products Affected
No products.
CWE
CWE-401