CVE-2021-42076 - log

CVE-2021-42076 edited at 02 Nov 2021 12:42:36
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A security issue has been found in Barrier before version 2.3.4. There is no check against overlong messages being sent by clients, so they can send up to 2^32 - 1 bytes, causing unauthenticated remote denial of service via excessive heap memory allocations. Multiple connections can be used to abuse this in parallel and cause even higher memory allocation, if necessary.
References
+ https://www.openwall.com/lists/oss-security/2021/11/02/4
+ https://github.com/debauchee/barrier/pull/1347
CVE-2021-42076 created at 02 Nov 2021 12:28:17