CVE-2021-42075Missing Release of Resource after Effective Lifetime in Project Barrier

CWE-772Missing Release of Resource after Effective LifetimeCWE-400Uncontrolled Resource Consumption2 documents2 sources
Severity
7.5HIGHNVD
EPSS
0.9%
top 24.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Barrier Project Barrier
Timeline
PublishedNov 8
Latest updateMay 24

Description

An issue was discovered in Barrier before 2.3.4. The barriers component (aka the server-side implementation of Barrier) does not correctly close file descriptors for established TCP connections. An unauthenticated remote attacker can thus cause file descriptor exhaustion in the server process, leading to denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-c58c-q645-27mc: An issue was discovered in Barrier before 22022-05-24
CVE-2021-42075 — Barrier Project Barrier vulnerability | cvebase