CVE-2021-4213
published 2022-08-24
high 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | jss | < jss 5.2.0-1 (bookworm) | jss 5.2.0-1 (bookworm) |
| dogtagpki | network_security_services_for_java | < 4.9.3 | 4.9.3 |
| dogtagpki | network_security_services_for_java | >= 5.0.0 < 5.1.0 | 5.1.0 |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvd v3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv 7.5 HIGH
GHSA
GHSA-727r-5fr6-wjfp: A flaw was found in JSS, where it did not properly free up all memory
ghsa_unreviewed·2022-08-25
CVE-2021-4213 [HIGH] CWE-401 GHSA-727r-5fr6-wjfp: A flaw was found in JSS, where it did not properly free up all memory
OSV
CVE-2021-4213: A flaw was found in JSS, where it did not properly free up all memory
osv·2022-08-24·CVSS 7.5
CVE-2021-4213 [HIGH] CVE-2021-4213: A flaw was found in JSS, where it did not properly free up all memory
Red Hat
JSS: memory leak in TLS connection leads to OOM
vendor_redhat·2022-02-09·CVSS 7.5
CVE-2021-4213 [HIGH] CWE-401 JSS: memory leak in TLS connection leads to OOM
Package: jss (Red Hat Enterprise Linux 6) - Not affected
Package: jss (Red Hat Enterprise Linux 7) - Not affected
Package: jss (Red Hat Enterprise Linux 9) - Not affected
Debian
CVE-2021-4213: jss - A flaw was found in JSS, where it did not properly free up all memory. Over time...
vendor_debian·2021·CVSS 7.5
CVE-2021-4213 [HIGH] CVE-2021-4213: jss - A flaw was found in JSS, where it did not properly free up all memory. Over time...
Scope: local
bookworm: resolved (fixed in 5.2.0-1)
bullseye: open
forky: resolved (fixed in 5.2.0-1)
sid: resolved (fixed in 5.2.0-1)
https://access.redhat.com/security/cve/CVE-2021-4213
https://bugzilla.redhat.com/show_bug.cgi?id=2042900
https://github.com/dogtagpki/jss/commit/3aabe0e9d59b0a42e68ac8cd0468f9c5179967d2
https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448
https://security-tracker.debian.org/tracker/CVE-2021-4213