Missing Release of Resource after Effective Lifetime

CVE-2021-42075

High

7.5/10

Summary

An issue was discovered in Barrier before 2.3.4. The barriers component (aka the server-side implementation of Barrier) does not correctly close file descriptors for established TCP connections. An unauthenticated remote attacker can thus cause file descriptor exhaustion in the server process, leading to denial of service.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-772 - Missing Release Of Resource After Effective Lifetime

'Missing release of resource after effective lifetime' is a weakness that occurs when software doesn't sufficiently release a resource (e.g. memory, CPU, disk space, etc.) after it is used. If not addressed, attackers can launch a denial of service attack (by allocating a resource and not releasing it).

References

Advisory Timeline

Published Nov 08, 2021

Missing Release of Resource after Effective Lifetime

CVE-2021-42075

Summary

CWE-772 - Missing Release Of Resource After Effective Lifetime

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS