Barrier Project Barrier vulnerabilities

5 known vulnerabilities affecting barrier_project/barrier.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH5

Vulnerabilities

Page 1 of 1
CVE-2021-42074HIGHCVSS 7.5fixed in 2.3.42021-11-08
CVE-2021-42074 [HIGH] CWE-416 CVE-2021-42074: An issue was discovered in Barrier before 2.3.4. An unauthenticated attacker can cause a segmentatio An issue was discovered in Barrier before 2.3.4. An unauthenticated attacker can cause a segmentation fault in the barriers component (aka the server-side implementation of Barrier) by quickly opening and closing TCP connections while sending a Hello message for each TCP session.
nvd
CVE-2021-42075HIGHCVSS 7.5fixed in 2.3.42021-11-08
CVE-2021-42075 [HIGH] CWE-772 CVE-2021-42075: An issue was discovered in Barrier before 2.3.4. The barriers component (aka the server-side impleme An issue was discovered in Barrier before 2.3.4. The barriers component (aka the server-side implementation of Barrier) does not correctly close file descriptors for established TCP connections. An unauthenticated remote attacker can thus cause file descriptor exhaustion in the server process, leading to denial of service.
nvd
CVE-2021-42076HIGHCVSS 7.5fixed in 2.3.42021-11-08
CVE-2021-42076 [HIGH] CWE-787 CVE-2021-42076: An issue was discovered in Barrier before 2.3.4. An attacker can cause memory exhaustion in the barr An issue was discovered in Barrier before 2.3.4. An attacker can cause memory exhaustion in the barriers component (aka the server-side implementation of Barrier) and barrierc by sending long TCP messages.
nvd
CVE-2021-42073HIGHCVSS 8.2fixed in 2.4.02021-11-08
CVE-2021-42073 [HIGH] CWE-384 CVE-2021-42073: An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client label that identifies a valid client configuration. This label is "Unnamed" by default but could instead be guessed from hostnames or other publicly avail
nvd
CVE-2021-42072HIGHCVSS 8.8fixed in 2.4.02021-11-08
CVE-2021-42072 [HIGH] CWE-287 CVE-2021-42072: An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side impleme An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identify of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause denial-of-service or stage further attacks that could lead to information leaks or integrity corru
nvd