Vulnerability Details : CVE-2021-42075

An issue was discovered in Barrier before 2.3.4. The barriers component (aka the server-side implementation of Barrier) does not correctly close file descriptors for established TCP connections. An unauthenticated remote attacker can thus cause file descriptor exhaustion in the server process, leading to denial of service.

Vulnerability category: Denial of service

Published 2021-11-08 04:15:09

Updated 2022-07-12 17:42:04

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-42075

Probability of exploitation activity in the next 30 days: 0.19%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 56 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-42075

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2021-42075

CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Assigned by: [email protected] (Primary)

References for CVE-2021-42075

http://www.openwall.com/lists/oss-security/2021/11/02/4

Exploit;Mailing List;Third Party Advisory

CVEs referencing this url
https://github.com/debauchee/barrier/releases/tag/v2.3.4

Release Notes;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2021-42075

Barrier Project » Barrier
Versions before (<) 2.3.4
cpe:2.3:a:barrier_project:barrier:*:*:*:*:*:*:*:*
Matching versions