CVE-2021-4213
First published: Thu Jan 20 2022(Updated: )
A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dogtagpki Network Security Services For Java | <4.9.3 | |
| Dogtagpki Network Security Services For Java | >=5.0.0<5.1.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| redhat/jss | <5.1.0 | 5.1.0 |
| redhat/jss | <4.9.3 | 4.9.3 |
| debian/jss | <=4.8.0-2 | 5.3.0-1 5.5.0-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2021-4213
- https://bugzilla.redhat.com/show_bug.cgi?id=2042900
- https://github.com/dogtagpki/jss/commit/3aabe0e9d59b0a42e68ac8cd0468f9c5179967d2
- https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448
- https://security-tracker.debian.org/tracker/CVE-2021-4213
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2052632
- https://access.redhat.com/errata/RHSA-2022:1851
- https://access.redhat.com/security/cve/cve-2021-4213
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2011102
- https://access.redhat.com/errata/RHSA-2024:0774
Frequently Asked Questions
What is the vulnerability ID for this flaw?
The vulnerability ID for this flaw is CVE-2021-4213.
What is the severity of CVE-2021-4213?
The severity of CVE-2021-4213 is high (7.5).
How does this flaw impact the affected software?
This flaw allows an attacker to cause a denial of service by forcing the invocation of an out-of-memory process, which can saturate the server's RAM.
Which software versions are affected by CVE-2021-4213?
The affected software versions include Dogtagpki Network Security Services for Java up to version 4.9.3, and versions between 5.0.0 and 5.1.0. Redhat Enterprise Linux 8.0, Debian Debian Linux 10.0, and Debian Debian Linux 11.0 are also affected.
How can I fix CVE-2021-4213?
To fix CVE-2021-4213, update the affected software to version 5.1.0 for Redhat systems or follow the available remedies for other distributions.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/remedy
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-4213
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- vendor/dogtagpki
- canonical/dogtagpki network security services for java
- version/dogtagpki network security services for java/5.0.0
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- package-manager/redhat
- package-manager/debian