A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2021-4213 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2042900 | Issue Tracking Patch Third Party Advisory |
https://github.com/dogtagpki/jss/commit/3aabe0e9d59b0a42e68ac8cd0468f9c5179967d2 | Patch Third Party Advisory |
https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448 | Patch Third Party Advisory |
https://security-tracker.debian.org/tracker/CVE-2021-4213 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
29 Aug 2022, 13:19
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:dogtagpki:network_security_services_for_java:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
|
First Time |
Debian debian Linux
Dogtagpki Redhat Dogtagpki network Security Services For Java Debian Redhat enterprise Linux |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) https://security-tracker.debian.org/tracker/CVE-2021-4213 - Third Party Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2021-4213 - Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2042900 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/dogtagpki/jss/commit/3aabe0e9d59b0a42e68ac8cd0468f9c5179967d2 - Patch, Third Party Advisory | |
CWE | CWE-401 |
24 Aug 2022, 16:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-24 16:15
Updated : 2023-12-10 14:35
NVD link : CVE-2021-4213
Mitre link : CVE-2021-4213
CVE.ORG link : CVE-2021-4213
JSON object : View
Products Affected
redhat
- enterprise_linux
dogtagpki
- network_security_services_for_java
debian
- debian_linux
CWE
CWE-401
Missing Release of Memory after Effective Lifetime