Vulnerability Name: | CVE-2021-4213 (CCN-234328)
Assigned: | 2022-02-09
Published: | 2022-02-09
Updated: | 2022-08-29
Summary: | A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
7.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity: | 7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Vulnerability Type: | CWE-401
Vulnerability Consequences: | Denial of Service
References: | Source: MITRE Type: CNA CVE-2021-4213
Source: MISC Type: Third Party Advisory https://access.redhat.com/security/cve/CVE-2021-4213
Source: CCN Type: Red Hat Bugzilla - Bug 2042900 (CVE-2021-4213) - CVE-2021-4213 JSS: memory leak in TLS connection leads to OOM
Source: MISC Type: Issue Tracking, Patch, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=2042900
Source: XF Type: UNKNOWN dogtag-cve20214213-dos(234328)
Source: CCN Type: JSS GIT Repository Additional fix for TLS connection I missed from original patch
Source: MISC Type: Patch, Third Party Advisory https://github.com/dogtagpki/jss/commit/3aabe0e9d59b0a42e68ac8cd0468f9c5179967d2
Source: MISC Type: Patch, Third Party Advisory https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448
Source: MISC Type: Third Party Advisory https://security-tracker.debian.org/tracker/CVE-2021-4213
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration RedHat 1: Configuration RedHat 2: