CVE-2021-4213
Summary
| CVE | CVE-2021-4213 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-08-24 16:15:00 UTC |
|---|
| Updated | 2022-08-29 13:19:00 UTC |
|---|
| Description | A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Fix memory leak on each TLS connection · dogtagpki/jss@5922560 · GitHub |
MISC |
github.com |
|
| CVE-2021-4213 |
MISC |
security-tracker.debian.org |
|
| 2042900 – (CVE-2021-4213) CVE-2021-4213 JSS: memory leak in TLS connection leads to OOM |
MISC |
bugzilla.redhat.com |
|
| Additional fix for TLS connection I missed from original patch · dogtagpki/jss@3aabe0e · GitHub |
MISC |
github.com |
|
| Red Hat Customer Portal - Access to 24x7 support and knowledge |
MISC |
access.redhat.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159837 Oracle Enterprise Linux Security Update for pki-core:10.6 (ELSA-2022-1851)
- 182303 Debian Security Update for jss (CVE-2021-4213)
- 240289 Red Hat Update for pki-core:10.6 (RHSA-2022:1851)
- 940497 AlmaLinux Security Update for pki-core:10.6 (ALSA-2022:1851)
- 960436 Rocky Linux Security Update for pki-core:10.6 (RLSA-2022:1851)
