CVE-2021-4213

HIGH

JSS - Memory Corruption

Title source: llm

Description

A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.

References (5)

[Third Party Advisory] https://access.redhat.com/security/cve/CVE-2021-4213

[Issue Tracking, Patch, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2042900

[Patch, Third Party Advisory] https://github.com/dogtagpki/jss/commit/3aabe0e9d59b0a42e68ac8cd0468f9c5179967d2

[Patch, Third Party Advisory] https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448

View Patch ZIP pw:eip

[Third Party Advisory] https://security-tracker.debian.org/tracker/CVE-2021-4213

Scores

CVSS v3 7.5

EPSS 0.0024

EPSS Percentile 46.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (4)

dogtagpki/network_security_services_for_java < 4.9.3

redhat/enterprise_linux

debian/debian_linux

debian/debian_linux

Timeline

Published Aug 24, 2022

Tracked Since Feb 18, 2026