CVE-2021-42075

Published: Nov 8, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Barrier before 2.3.4. The barriers component (aka the server-side implementation of Barrier) does not correctly close file descriptors for established TCP connections. An unauthenticated remote attacker can thus cause file descriptor exhaustion in the server process, leading to denial of service.

Affected (1)

Products: Barrier Project: Barrier

Barrier Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Barrier Project Barrier	Before 2.3.4

Related CWEs

Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

References (4)

http://www.openwall.com/lists/oss-security/2021/11/02/4

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

https://github.com/debauchee/barrier/releases/tag/v2.3.4

Source: cve@mitre.org

Release NotesThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/11/02/4

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

https://github.com/debauchee/barrier/releases/tag/v2.3.4

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

Timeline

No history available yet.