CVE-2021-42075 - log

CVE-2021-42075 edited at 02 Nov 2021 12:42:27
References
https://www.openwall.com/lists/oss-security/2021/11/02/4
https://github.com/debauchee/barrier/pull/1350
- https://github.com/debauchee/barrier/pull/1347
Notes
CVE-2021-42075 edited at 02 Nov 2021 12:42:16
References
https://www.openwall.com/lists/oss-security/2021/11/02/4
https://github.com/debauchee/barrier/pull/1350
+ https://github.com/debauchee/barrier/pull/1347
CVE-2021-42075 edited at 02 Nov 2021 12:40:50
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A security issue has been found in Barrier before version 2.3.4. The daemon does not correctly close client sockets causing permanent file descriptor exhaustion and thus remote denial of service within a couple of seconds by just opening and closing connections.
+
+ After 1023 file descriptors are open the server will still react to connection requests, but will fail to open its own local certificate and thus close the connection prematurely. This issue could be used as an additional attack vector during other stages of the protocol to trigger file/socket open failures with potentially security related effects.
References
+ https://www.openwall.com/lists/oss-security/2021/11/02/4
+ https://github.com/debauchee/barrier/pull/1350
CVE-2021-42075 created at 02 Nov 2021 12:28:17