7.5

CVE-2021-4213

A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DogtagpkiNetwork Security Services For Java Version >= 5.0.0 < 5.1.0
RedhatEnterprise Linux Version8.0
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.2% 0.641
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://access.redhat.com/security/cve/CVE-2021-4213
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2042900
Patch
Third Party Advisory
Issue Tracking
https://github.com/dogtagpki/jss/commit/3aabe0e9d59b0a42e68ac8cd0468f9c5179967d2
Patch
Third Party Advisory
https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448
Patch
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2021-4213
Third Party Advisory