CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
CVE-2021-29453 (GCVE-0-2021-29453)
Vulnerability from cvelistv5 – Published: 2021-04-19 18:55 – Updated: 2024-08-03 22:02
VLAI
Title
Denial of service through memory exhaustion
Summary
matrix-media-repo is an open-source multi-domain media repository for Matrix. Versions 1.2.6 and earlier of matrix-media-repo do not properly handle malicious images which are crafted to be small in file size, but large in complexity. A malicious user could upload a relatively small image in terms of file size, using particular image formats, which expands to have extremely large dimensions during the process of thumbnailing. The server can be exhausted of memory in the process of trying to load the whole image into memory for thumbnailing, leading to denial of service. Version 1.2.7 has a fix for the vulnerability.
Severity
5.7 (Medium)
CWE
- CWE-400 - {"CWE-400":"Uncontrolled Resource Consumption"}
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/turt2live/matrix-media-repo/se… | x_refsource_CONFIRM |
| https://hub.docker.com/r/turt2live/matrix-media-r… | x_refsource_MISC |
| https://github.com/turt2live/matrix-media-repo/re… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| turt2live | matrix-media-repo |
Affected:
<= 1.2.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/turt2live/matrix-media-repo/security/advisories/GHSA-j889-h476-hh9h"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hub.docker.com/r/turt2live/matrix-media-repo/tags?page=1\u0026ordering=last_updated"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/turt2live/matrix-media-repo/releases/tag/v1.2.7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "matrix-media-repo",
"vendor": "turt2live",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.2.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "matrix-media-repo is an open-source multi-domain media repository for Matrix. Versions 1.2.6 and earlier of matrix-media-repo do not properly handle malicious images which are crafted to be small in file size, but large in complexity. A malicious user could upload a relatively small image in terms of file size, using particular image formats, which expands to have extremely large dimensions during the process of thumbnailing. The server can be exhausted of memory in the process of trying to load the whole image into memory for thumbnailing, leading to denial of service. Version 1.2.7 has a fix for the vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "{\"CWE-400\":\"Uncontrolled Resource Consumption\"}",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-19T18:55:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/turt2live/matrix-media-repo/security/advisories/GHSA-j889-h476-hh9h"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hub.docker.com/r/turt2live/matrix-media-repo/tags?page=1\u0026ordering=last_updated"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/turt2live/matrix-media-repo/releases/tag/v1.2.7"
}
],
"source": {
"advisory": "GHSA-j889-h476-hh9h",
"discovery": "UNKNOWN"
},
"title": "Denial of service through memory exhaustion",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29453",
"STATE": "PUBLIC",
"TITLE": "Denial of service through memory exhaustion"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "matrix-media-repo",
"version": {
"version_data": [
{
"version_value": "\u003c= 1.2.6"
}
]
}
}
]
},
"vendor_name": "turt2live"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "matrix-media-repo is an open-source multi-domain media repository for Matrix. Versions 1.2.6 and earlier of matrix-media-repo do not properly handle malicious images which are crafted to be small in file size, but large in complexity. A malicious user could upload a relatively small image in terms of file size, using particular image formats, which expands to have extremely large dimensions during the process of thumbnailing. The server can be exhausted of memory in the process of trying to load the whole image into memory for thumbnailing, leading to denial of service. Version 1.2.7 has a fix for the vulnerability."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-400\":\"Uncontrolled Resource Consumption\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/turt2live/matrix-media-repo/security/advisories/GHSA-j889-h476-hh9h",
"refsource": "CONFIRM",
"url": "https://github.com/turt2live/matrix-media-repo/security/advisories/GHSA-j889-h476-hh9h"
},
{
"name": "https://hub.docker.com/r/turt2live/matrix-media-repo/tags?page=1\u0026ordering=last_updated",
"refsource": "MISC",
"url": "https://hub.docker.com/r/turt2live/matrix-media-repo/tags?page=1\u0026ordering=last_updated"
},
{
"name": "https://github.com/turt2live/matrix-media-repo/releases/tag/v1.2.7",
"refsource": "MISC",
"url": "https://github.com/turt2live/matrix-media-repo/releases/tag/v1.2.7"
}
]
},
"source": {
"advisory": "GHSA-j889-h476-hh9h",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29453",
"datePublished": "2021-04-19T18:55:13.000Z",
"dateReserved": "2021-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:51.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29469 (GCVE-0-2021-29469)
Vulnerability from cvelistv5 – Published: 2021-04-23 18:10 – Updated: 2024-08-03 22:11
VLAI
Title
Potential exponential regex in monitor mode
Summary
Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex begin used to detected monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched in version 3.1.1.
Severity
5.3 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/NodeRedis/node-redis/security/… | x_refsource_CONFIRM |
| https://github.com/NodeRedis/node-redis/commit/2d… | x_refsource_MISC |
| https://github.com/NodeRedis/node-redis/releases/… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2021061… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NodeRedis | node-redis |
Affected:
< 3.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:05.198Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/NodeRedis/node-redis/security/advisories/GHSA-35q2-47q7-3pc3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NodeRedis/node-redis/commit/2d11b6dc9b9774464a91fb4b448bad8bf699629e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NodeRedis/node-redis/releases/tag/v3.1.1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210611-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "node-redis",
"vendor": "NodeRedis",
"versions": [
{
"status": "affected",
"version": "\u003c 3.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex begin used to detected monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched in version 3.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T10:06:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NodeRedis/node-redis/security/advisories/GHSA-35q2-47q7-3pc3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NodeRedis/node-redis/commit/2d11b6dc9b9774464a91fb4b448bad8bf699629e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NodeRedis/node-redis/releases/tag/v3.1.1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210611-0010/"
}
],
"source": {
"advisory": "GHSA-35q2-47q7-3pc3",
"discovery": "UNKNOWN"
},
"title": "Potential exponential regex in monitor mode",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29469",
"STATE": "PUBLIC",
"TITLE": "Potential exponential regex in monitor mode"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "node-redis",
"version": {
"version_data": [
{
"version_value": "\u003c 3.1.1"
}
]
}
}
]
},
"vendor_name": "NodeRedis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex begin used to detected monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched in version 3.1.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NodeRedis/node-redis/security/advisories/GHSA-35q2-47q7-3pc3",
"refsource": "CONFIRM",
"url": "https://github.com/NodeRedis/node-redis/security/advisories/GHSA-35q2-47q7-3pc3"
},
{
"name": "https://github.com/NodeRedis/node-redis/commit/2d11b6dc9b9774464a91fb4b448bad8bf699629e",
"refsource": "MISC",
"url": "https://github.com/NodeRedis/node-redis/commit/2d11b6dc9b9774464a91fb4b448bad8bf699629e"
},
{
"name": "https://github.com/NodeRedis/node-redis/releases/tag/v3.1.1",
"refsource": "MISC",
"url": "https://github.com/NodeRedis/node-redis/releases/tag/v3.1.1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210611-0010/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210611-0010/"
}
]
},
"source": {
"advisory": "GHSA-35q2-47q7-3pc3",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29469",
"datePublished": "2021-04-23T18:10:15.000Z",
"dateReserved": "2021-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:11:05.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29471 (GCVE-0-2021-29471)
Vulnerability from cvelistv5 – Published: 2021-05-11 15:05 – Updated: 2024-08-03 22:11
VLAI
Title
Denial of service in Matrix Synapse
Summary
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including `event_match`, which matches event content against a pattern including wildcards. Certain patterns can cause very poor performance in the matching engine, leading to a denial-of-service when processing moderate length events. The issue is patched in version 1.33.2. A potential workaround might be to prevent users from making custom push rules, by blocking such requests at a reverse-proxy.
Severity
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/matrix-org/synapse/security/ad… | x_refsource_CONFIRM |
| https://github.com/matrix-org/synapse/commit/0331… | x_refsource_MISC |
| https://github.com/matrix-org/synapse/releases/ta… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| matrix-org | synapse |
Affected:
< 1.33.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:05.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matrix-org/synapse/releases/tag/v1.33.2"
},
{
"name": "FEDORA-2021-a627cfd31e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "synapse",
"vendor": "matrix-org",
"versions": [
{
"status": "affected",
"version": "\u003c 1.33.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 \"Push rules\" can specify conditions under which they will match, including `event_match`, which matches event content against a pattern including wildcards. Certain patterns can cause very poor performance in the matching engine, leading to a denial-of-service when processing moderate length events. The issue is patched in version 1.33.2. A potential workaround might be to prevent users from making custom push rules, by blocking such requests at a reverse-proxy."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T02:06:25.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matrix-org/synapse/releases/tag/v1.33.2"
},
{
"name": "FEDORA-2021-a627cfd31e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/"
}
],
"source": {
"advisory": "GHSA-x345-32rc-8h85",
"discovery": "UNKNOWN"
},
"title": "Denial of service in Matrix Synapse",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29471",
"STATE": "PUBLIC",
"TITLE": "Denial of service in Matrix Synapse"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "synapse",
"version": {
"version_data": [
{
"version_value": "\u003c 1.33.2"
}
]
}
}
]
},
"vendor_name": "matrix-org"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 \"Push rules\" can specify conditions under which they will match, including `event_match`, which matches event content against a pattern including wildcards. Certain patterns can cause very poor performance in the matching engine, leading to a denial-of-service when processing moderate length events. The issue is patched in version 1.33.2. A potential workaround might be to prevent users from making custom push rules, by blocking such requests at a reverse-proxy."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85",
"refsource": "CONFIRM",
"url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85"
},
{
"name": "https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c",
"refsource": "MISC",
"url": "https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c"
},
{
"name": "https://github.com/matrix-org/synapse/releases/tag/v1.33.2",
"refsource": "MISC",
"url": "https://github.com/matrix-org/synapse/releases/tag/v1.33.2"
},
{
"name": "FEDORA-2021-a627cfd31e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/"
}
]
},
"source": {
"advisory": "GHSA-x345-32rc-8h85",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29471",
"datePublished": "2021-05-11T15:05:12.000Z",
"dateReserved": "2021-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:11:05.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29506 (GCVE-0-2021-29506)
Vulnerability from cvelistv5 – Published: 2021-05-13 18:15 – Updated: 2024-08-03 22:11
VLAI
Title
Navigate endpoint is vulnerable to regex injection that may lead to Denial of Service.
Summary
GraphHopper is an open-source Java routing engine. In GrassHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0 See this pull request for the fix: https://github.com/graphhopper/graphhopper/pull/2304
Severity
6.5 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/graphhopper/graphhopper/securi… | x_refsource_CONFIRM |
| https://github.com/graphhopper/graphhopper/pull/2304 | x_refsource_MISC |
| https://github.com/graphhopper/graphhopper/commit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| graphhopper | graphhopper |
Affected:
>= 2.0, < 2.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:05.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/graphhopper/graphhopper/security/advisories/GHSA-hf44-3mx6-vhhw"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/graphhopper/graphhopper/pull/2304"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/graphhopper/graphhopper/commit/eb189be1fa7443ebf4ae881e737a18f818c95f41"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "graphhopper",
"vendor": "graphhopper",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0, \u003c 2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GraphHopper is an open-source Java routing engine. In GrassHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0 See this pull request for the fix: https://github.com/graphhopper/graphhopper/pull/2304"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T18:15:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/graphhopper/graphhopper/security/advisories/GHSA-hf44-3mx6-vhhw"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/graphhopper/graphhopper/pull/2304"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/graphhopper/graphhopper/commit/eb189be1fa7443ebf4ae881e737a18f818c95f41"
}
],
"source": {
"advisory": "GHSA-hf44-3mx6-vhhw",
"discovery": "UNKNOWN"
},
"title": "Navigate endpoint is vulnerable to regex injection that may lead to Denial of Service.",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29506",
"STATE": "PUBLIC",
"TITLE": "Navigate endpoint is vulnerable to regex injection that may lead to Denial of Service."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "graphhopper",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.0, \u003c 2.4"
}
]
}
}
]
},
"vendor_name": "graphhopper"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GraphHopper is an open-source Java routing engine. In GrassHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0 See this pull request for the fix: https://github.com/graphhopper/graphhopper/pull/2304"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/graphhopper/graphhopper/security/advisories/GHSA-hf44-3mx6-vhhw",
"refsource": "CONFIRM",
"url": "https://github.com/graphhopper/graphhopper/security/advisories/GHSA-hf44-3mx6-vhhw"
},
{
"name": "https://github.com/graphhopper/graphhopper/pull/2304",
"refsource": "MISC",
"url": "https://github.com/graphhopper/graphhopper/pull/2304"
},
{
"name": "https://github.com/graphhopper/graphhopper/commit/eb189be1fa7443ebf4ae881e737a18f818c95f41",
"refsource": "MISC",
"url": "https://github.com/graphhopper/graphhopper/commit/eb189be1fa7443ebf4ae881e737a18f818c95f41"
}
]
},
"source": {
"advisory": "GHSA-hf44-3mx6-vhhw",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29506",
"datePublished": "2021-05-13T18:15:13.000Z",
"dateReserved": "2021-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:11:05.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29509 (GCVE-0-2021-29509)
Vulnerability from cvelistv5 – Published: 2021-05-11 16:50 – Updated: 2024-08-03 22:11
VLAI
Title
Keepalive Connections Causing Denial Of Service in puma
Summary
Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster. A `puma` server which received more concurrent `keep-alive` connections than the server had threads in its threadpool would service only a subset of connections, denying service to the unserved connections. This problem has been fixed in `puma` 4.3.8 and 5.3.1. Setting `queue_requests false` also fixes the issue. This is not advised when using `puma` without a reverse proxy, such as `nginx` or `apache`, because you will open yourself to slow client attacks (e.g. slowloris). The fix is very small and a git patch is available for those using unsupported versions of Puma.
Severity
7.5 (High)
CWE
- CWE-400 - {"CWE-400":"Uncontrolled Resource Consumption"}
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/puma/puma/security/advisories/… | x_refsource_CONFIRM |
| https://gist.github.com/nateberkopec/4b3ea5676c0d… | x_refsource_MISC |
| https://github.com/puma/puma/security/policy | x_refsource_MISC |
| https://rubygems.org/gems/puma | x_refsource_MISC |
| https://security.gentoo.org/glsa/202208-28 | vendor-advisoryx_refsource_GENTOO |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-listx_refsource_MLIST |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:05.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/nateberkopec/4b3ea5676c0d70cbb37c82d54be25837"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/puma/puma/security/policy"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rubygems.org/gems/puma"
},
{
"name": "GLSA-202208-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-28"
},
{
"name": "[debian-lts-announce] 20220827 [SECURITY] [DLA 3083-1] puma security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "puma",
"vendor": "puma",
"versions": [
{
"status": "affected",
"version": "\u003c 4.3.8"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster. A `puma` server which received more concurrent `keep-alive` connections than the server had threads in its threadpool would service only a subset of connections, denying service to the unserved connections. This problem has been fixed in `puma` 4.3.8 and 5.3.1. Setting `queue_requests false` also fixes the issue. This is not advised when using `puma` without a reverse proxy, such as `nginx` or `apache`, because you will open yourself to slow client attacks (e.g. slowloris). The fix is very small and a git patch is available for those using unsupported versions of Puma."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "{\"CWE-400\":\"Uncontrolled Resource Consumption\"}",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-27T20:06:19.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/nateberkopec/4b3ea5676c0d70cbb37c82d54be25837"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/puma/puma/security/policy"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rubygems.org/gems/puma"
},
{
"name": "GLSA-202208-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-28"
},
{
"name": "[debian-lts-announce] 20220827 [SECURITY] [DLA 3083-1] puma security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html"
}
],
"source": {
"advisory": "GHSA-q28m-8xjw-8vr5",
"discovery": "UNKNOWN"
},
"title": "Keepalive Connections Causing Denial Of Service in puma",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29509",
"STATE": "PUBLIC",
"TITLE": "Keepalive Connections Causing Denial Of Service in puma"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "puma",
"version": {
"version_data": [
{
"version_value": "\u003c 4.3.8"
},
{
"version_value": "\u003e= 5.0.0, \u003c 5.3.1"
}
]
}
}
]
},
"vendor_name": "puma"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster. A `puma` server which received more concurrent `keep-alive` connections than the server had threads in its threadpool would service only a subset of connections, denying service to the unserved connections. This problem has been fixed in `puma` 4.3.8 and 5.3.1. Setting `queue_requests false` also fixes the issue. This is not advised when using `puma` without a reverse proxy, such as `nginx` or `apache`, because you will open yourself to slow client attacks (e.g. slowloris). The fix is very small and a git patch is available for those using unsupported versions of Puma."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-400\":\"Uncontrolled Resource Consumption\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5",
"refsource": "CONFIRM",
"url": "https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5"
},
{
"name": "https://gist.github.com/nateberkopec/4b3ea5676c0d70cbb37c82d54be25837",
"refsource": "MISC",
"url": "https://gist.github.com/nateberkopec/4b3ea5676c0d70cbb37c82d54be25837"
},
{
"name": "https://github.com/puma/puma/security/policy",
"refsource": "MISC",
"url": "https://github.com/puma/puma/security/policy"
},
{
"name": "https://rubygems.org/gems/puma",
"refsource": "MISC",
"url": "https://rubygems.org/gems/puma"
},
{
"name": "GLSA-202208-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-28"
},
{
"name": "[debian-lts-announce] 20220827 [SECURITY] [DLA 3083-1] puma security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html"
}
]
},
"source": {
"advisory": "GHSA-q28m-8xjw-8vr5",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29509",
"datePublished": "2021-05-11T16:50:11.000Z",
"dateReserved": "2021-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:11:05.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30468 (GCVE-0-2021-30468)
Vulnerability from cvelistv5 – Published: 2021-06-16 12:00 – Updated: 2024-08-03 22:32
VLAI
Title
Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter
Summary
A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11.
Severity
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
15 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Affected:
Apache CXF , < 3.4.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:41.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cxf.apache.org/security-advisories.data/CVE-2021-30468.txt.asc"
},
{
"name": "[cxf-users] 20210616 CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4a4b6bc0520b69c18d2a59daa6af84ae49f0c22164dccb8538794459%40%3Cusers.cxf.apache.org%3E"
},
{
"name": "[cxf-dev] 20210616 CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4a4b6bc0520b69c18d2a59daa6af84ae49f0c22164dccb8538794459%40%3Cdev.cxf.apache.org%3E"
},
{
"name": "[announce] 20210616 CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4a4b6bc0520b69c18d2a59daa6af84ae49f0c22164dccb8538794459%40%3Cannounce.apache.org%3E"
},
{
"name": "[oss-security] 20210616 CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/06/16/2"
},
{
"name": "[tomee-commits] 20210705 [jira] [Created] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3f46ae38e4a6e80c069cdb320e0ce831b0a21a12ef0cc92c0943f34a%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210705 [jira] [Updated] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re5b2a2b77faa22684d47bd2ac6623135c615565328ff40a1ec705448%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210901 [jira] [Resolved] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rac07822057521dccf33ab5d136e0e8c599a6e2c8ac75e44ffbdc6e07%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210901 [jira] [Commented] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re9e05c6cab5f0dcc827eba4e6fcf26fa0b493e7ca84d62c867a80d03%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210913 [jira] [Commented] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra833f78b3fa577cb43558cf343859a1bf70b1c5ce2353b3877d96422%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210913 [jira] [Updated] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r54c0f1cbbb9f381dfbedb9ea5e90ecb1c0a15371f40c4b10322ac737%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210913 [jira] [Reopened] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4771084730c4cf6e59eda60b4407122c86f174eb750b24f610ba9ff4%40%3Ccommits.tomee.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210917-0002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"changes": [
{
"at": "3.3.11",
"status": "unaffected"
}
],
"lessThan": "3.4.4",
"status": "affected",
"version": "Apache CXF",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:54:48.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cxf.apache.org/security-advisories.data/CVE-2021-30468.txt.asc"
},
{
"name": "[cxf-users] 20210616 CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4a4b6bc0520b69c18d2a59daa6af84ae49f0c22164dccb8538794459%40%3Cusers.cxf.apache.org%3E"
},
{
"name": "[cxf-dev] 20210616 CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4a4b6bc0520b69c18d2a59daa6af84ae49f0c22164dccb8538794459%40%3Cdev.cxf.apache.org%3E"
},
{
"name": "[announce] 20210616 CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4a4b6bc0520b69c18d2a59daa6af84ae49f0c22164dccb8538794459%40%3Cannounce.apache.org%3E"
},
{
"name": "[oss-security] 20210616 CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/06/16/2"
},
{
"name": "[tomee-commits] 20210705 [jira] [Created] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3f46ae38e4a6e80c069cdb320e0ce831b0a21a12ef0cc92c0943f34a%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210705 [jira] [Updated] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re5b2a2b77faa22684d47bd2ac6623135c615565328ff40a1ec705448%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210901 [jira] [Resolved] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rac07822057521dccf33ab5d136e0e8c599a6e2c8ac75e44ffbdc6e07%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210901 [jira] [Commented] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re9e05c6cab5f0dcc827eba4e6fcf26fa0b493e7ca84d62c867a80d03%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210913 [jira] [Commented] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra833f78b3fa577cb43558cf343859a1bf70b1c5ce2353b3877d96422%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210913 [jira] [Updated] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r54c0f1cbbb9f381dfbedb9ea5e90ecb1c0a15371f40c4b10322ac737%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210913 [jira] [Reopened] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4771084730c4cf6e59eda60b4407122c86f174eb750b24f610ba9ff4%40%3Ccommits.tomee.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210917-0002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-30468",
"STATE": "PUBLIC",
"TITLE": "Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache CXF",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "Apache CXF",
"version_value": "3.4.4"
},
{
"version_affected": "\u003c",
"version_name": "Apache CXF",
"version_value": "3.3.11"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cxf.apache.org/security-advisories.data/CVE-2021-30468.txt.asc",
"refsource": "MISC",
"url": "http://cxf.apache.org/security-advisories.data/CVE-2021-30468.txt.asc"
},
{
"name": "[cxf-users] 20210616 CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4a4b6bc0520b69c18d2a59daa6af84ae49f0c22164dccb8538794459@%3Cusers.cxf.apache.org%3E"
},
{
"name": "[cxf-dev] 20210616 CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4a4b6bc0520b69c18d2a59daa6af84ae49f0c22164dccb8538794459@%3Cdev.cxf.apache.org%3E"
},
{
"name": "[announce] 20210616 CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4a4b6bc0520b69c18d2a59daa6af84ae49f0c22164dccb8538794459@%3Cannounce.apache.org%3E"
},
{
"name": "[oss-security] 20210616 CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/06/16/2"
},
{
"name": "[tomee-commits] 20210705 [jira] [Created] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3f46ae38e4a6e80c069cdb320e0ce831b0a21a12ef0cc92c0943f34a@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210705 [jira] [Updated] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re5b2a2b77faa22684d47bd2ac6623135c615565328ff40a1ec705448@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210901 [jira] [Resolved] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rac07822057521dccf33ab5d136e0e8c599a6e2c8ac75e44ffbdc6e07@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210901 [jira] [Commented] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re9e05c6cab5f0dcc827eba4e6fcf26fa0b493e7ca84d62c867a80d03@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210913 [jira] [Commented] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra833f78b3fa577cb43558cf343859a1bf70b1c5ce2353b3877d96422@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210913 [jira] [Updated] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r54c0f1cbbb9f381dfbedb9ea5e90ecb1c0a15371f40c4b10322ac737@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210913 [jira] [Reopened] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4771084730c4cf6e59eda60b4407122c86f174eb750b24f610ba9ff4@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210917-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210917-0002/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-30468",
"datePublished": "2021-06-16T12:00:18.000Z",
"dateReserved": "2021-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:32:41.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31340 (GCVE-0-2021-31340)
Vulnerability from cvelistv5 – Published: 2021-06-08 19:47 – Updated: 2024-08-03 22:55
VLAI
Summary
A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions < V2.0), SIMATIC Reader RF610R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF610R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF610R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF615R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF615R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF615R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF650R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF650R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF680R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF680R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF685R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF685R FCC (All versions > V3.0 < V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation.
Severity
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
25 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | SIMATIC RF166C |
Affected:
All versions > V1.1 and < V1.3.2
|
|
| Siemens | SIMATIC RF185C |
Affected:
All versions > V1.1 and < V1.3.2
|
|
| Siemens | SIMATIC RF186C |
Affected:
All versions > V1.1 and < V1.3.2
|
|
| Siemens | SIMATIC RF186CI |
Affected:
All versions > V1.1 and < V1.3.2
|
|
| Siemens | SIMATIC RF188C |
Affected:
All versions > V1.1 and < V1.3.2
|
|
| Siemens | SIMATIC RF188CI |
Affected:
All versions > V1.1 and < V1.3.2
|
|
| Siemens | SIMATIC RF360R |
Affected:
All versions < V2.0
|
|
| Siemens | SIMATIC Reader RF610R CMIIT |
Affected:
All versions > V3.0 < V4.0
|
|
| Siemens | SIMATIC Reader RF610R ETSI |
Affected:
All versions > V3.0 < V4.0
|
|
| Siemens | SIMATIC Reader RF610R FCC |
Affected:
All versions > V3.0 < V4.0
|
|
| Siemens | SIMATIC Reader RF615R CMIIT |
Affected:
All versions > V3.0 < V4.0
|
|
| Siemens | SIMATIC Reader RF615R ETSI |
Affected:
All versions > V3.0 < V4.0
|
|
| Siemens | SIMATIC Reader RF615R FCC |
Affected:
All versions > V3.0 < V4.0
|
|
| Siemens | SIMATIC Reader RF650R ARIB |
Affected:
All versions > V3.0 < V4.0
|
|
| Siemens | SIMATIC Reader RF650R CMIIT |
Affected:
All versions > V3.0 < V4.0
|
|
| Siemens | SIMATIC Reader RF650R ETSI |
Affected:
All versions > V3.0 < V4.0
|
|
| Siemens | SIMATIC Reader RF650R FCC |
Affected:
All versions > V3.0 < V4.0
|
|
| Siemens | SIMATIC Reader RF680R ARIB |
Affected:
All versions > V3.0 < V4.0
|
|
| Siemens | SIMATIC Reader RF680R CMIIT |
Affected:
All versions > V3.0 < V4.0
|
|
| Siemens | SIMATIC Reader RF680R ETSI |
Affected:
All versions > V3.0 < V4.0
|
|
| Siemens | SIMATIC Reader RF680R FCC |
Affected:
All versions > V3.0 < V4.0
|
|
| Siemens | SIMATIC Reader RF685R ARIB |
Affected:
All versions > V3.0 < V4.0
|
|
| Siemens | SIMATIC Reader RF685R CMIIT |
Affected:
All versions > V3.0 < V4.0
|
|
| Siemens | SIMATIC Reader RF685R ETSI |
Affected:
All versions > V3.0 < V4.0
|
|
| Siemens | SIMATIC Reader RF685R FCC |
Affected:
All versions > V3.0 < V4.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC RF166C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
},
{
"product": "SIMATIC RF185C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
},
{
"product": "SIMATIC RF186C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
},
{
"product": "SIMATIC RF186CI",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
},
{
"product": "SIMATIC RF188C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
},
{
"product": "SIMATIC RF188CI",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
},
{
"product": "SIMATIC RF360R",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"product": "SIMATIC Reader RF610R CMIIT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF610R ETSI",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF610R FCC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF615R CMIIT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF615R ETSI",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF615R FCC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF650R ARIB",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF650R CMIIT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF650R ETSI",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF650R FCC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF680R ARIB",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF680R CMIIT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF680R ETSI",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF680R FCC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF685R ARIB",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF685R CMIIT",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF685R ETSI",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
},
{
"product": "SIMATIC Reader RF685R FCC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC RF166C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF185C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF186C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF186CI (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF188C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF188CI (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF360R (All versions \u003c V2.0), SIMATIC Reader RF610R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF610R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF610R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R FCC (All versions \u003e V3.0 \u003c V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-10T09:46:26.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-31340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC RF166C",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
}
},
{
"product_name": "SIMATIC RF185C",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
}
},
{
"product_name": "SIMATIC RF186C",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
}
},
{
"product_name": "SIMATIC RF186CI",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
}
},
{
"product_name": "SIMATIC RF188C",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
}
},
{
"product_name": "SIMATIC RF188CI",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V1.1 and \u003c V1.3.2"
}
]
}
},
{
"product_name": "SIMATIC RF360R",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF610R CMIIT",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF610R ETSI",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF610R FCC",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF615R CMIIT",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF615R ETSI",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF615R FCC",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF650R ARIB",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF650R CMIIT",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF650R ETSI",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF650R FCC",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF680R ARIB",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF680R CMIIT",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF680R ETSI",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF680R FCC",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF685R ARIB",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF685R CMIIT",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF685R ETSI",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF685R FCC",
"version": {
"version_data": [
{
"version_value": "All versions \u003e V3.0 \u003c V4.0"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC RF166C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF185C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF186C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF186CI (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF188C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF188CI (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF360R (All versions \u003c V2.0), SIMATIC Reader RF610R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF610R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF610R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R FCC (All versions \u003e V3.0 \u003c V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-31340",
"datePublished": "2021-06-08T19:47:16.000Z",
"dateReserved": "2021-04-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:55:53.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31365 (GCVE-0-2021-31365)
Vulnerability from cvelistv5 – Published: 2021-10-19 18:16 – Updated: 2024-09-16 20:52
VLAI
Title
Junos OS: EX2300, EX3400 and EX4300 Series: An Aggregated Ethernet (AE) interface will go down due to a stream of specific layer 2 frames
Summary
An Uncontrolled Resource Consumption vulnerability in Juniper Networks Junos OS on EX2300, EX3400 and EX4300 Series platforms allows an adjacent attacker sending a stream of layer 2 frames will trigger an Aggregated Ethernet (AE) interface to go down and thereby causing a Denial of Service (DoS). By continuously sending a stream of specific layer 2 frames an attacker will sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS EX4300 Series All versions prior to 15.1R7-S7; 16.1 versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Juniper Networks Junos OS EX3400 and EX4300-MP Series All versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S9, 18.4R3-S7; 19.1 versions prior to 19.1R2-S3, 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2. Juniper Networks Junos OS EX2300 Series All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R2.
Severity
6.5 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
- Denial of Service (DoS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11227 | x_refsource_CONFIRM |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
unspecified , < 15.1R7-S7
(custom)
Affected: 16.1 , < 16.1R7-S8 (custom) Affected: 17.1 , < 17.1R2-S12 (custom) Affected: 17.2 , < 17.2R3-S4 (custom) Affected: 17.3 , < 17.3R3-S8 (custom) Affected: 17.4 , < 17.4R2-S10, 17.4R3-S2 (custom) Affected: 18.1 , < 18.1R3-S10 (custom) Affected: 18.2 , < 18.2R2-S7, 18.2R3-S3 (custom) Affected: 18.3 , < 18.3R2-S4, 18.3R3-S2 (custom) Affected: 18.4 , < 18.4R1-S7, 18.4R2-S4, 18.4R3-S1 (custom) Affected: 19.1 , < 19.1R1-S5, 19.1R2-S1, 19.1R3 (custom) Affected: 19.2 , < 19.2R1-S5, 19.2R2 (custom) Affected: 19.3 , < 19.3R2-S2, 19.3R3 (custom) Affected: 19.4 , < 19.4R1-S2, 19.4R2 (custom) |
|
| Juniper Networks | Junos OS |
Affected:
unspecified , < 18.1R3-S12
(custom)
Affected: 18.2 , < 18.2R3-S7 (custom) Affected: 18.3 , < 18.3R3-S4 (custom) Affected: 18.4 , < 18.4R2-S9, 18.4R3-S7 (custom) Affected: 19.1 , < 19.1R2-S3, 19.1R3-S4 (custom) Affected: 19.2 , < 19.2R3-S1 (custom) Affected: 19.3 , < 19.3R3-S1 (custom) Affected: 19.4 , < 19.4R3-S1 (custom) Affected: 20.1 , < 20.1R3 (custom) Affected: 20.2 , < 20.2R3 (custom) Affected: 20.3 , < 20.3R2 (custom) |
|
| Juniper Networks | Junos OS |
Affected:
unspecified , < 18.3R3-S5
(custom)
Affected: 18.4 , < 18.4R2-S9, 18.4R3-S9 (custom) Affected: 19.1 , < 19.1R2-S3, 19.1R3-S6 (custom) Affected: 19.2 , < 19.2R1-S7, 19.2R3-S3 (custom) Affected: 19.3 , < 19.3R2-S7, 19.3R3-S3 (custom) Affected: 19.4 , < 19.4R3-S5 (custom) Affected: 20.1 , < 20.1R2-S2, 20.1R3-S1 (custom) Affected: 20.2 , < 20.2R3-S2 (custom) Affected: 20.3 , < 20.3R3-S1 (custom) Affected: 20.4 , < 20.4R2-S1, 20.4R3 (custom) Affected: 21.1 , < 21.1R2 (custom) |
Date Public
2021-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"EX4300 Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1R7-S7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "16.1R7-S8",
"status": "affected",
"version": "16.1",
"versionType": "custom"
},
{
"lessThan": "17.1R2-S12",
"status": "affected",
"version": "17.1",
"versionType": "custom"
},
{
"lessThan": "17.2R3-S4",
"status": "affected",
"version": "17.2",
"versionType": "custom"
},
{
"lessThan": "17.3R3-S8",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S10, 17.4R3-S2",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S10",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2-S7, 18.2R3-S3",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R2-S4, 18.3R3-S2",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S7, 18.4R2-S4, 18.4R3-S1",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R1-S5, 19.1R2-S1, 19.1R3",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S5, 19.2R2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S2, 19.3R3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S2, 19.4R2",
"status": "affected",
"version": "19.4",
"versionType": "custom"
}
]
},
{
"platforms": [
"EX3400 Series, EX4300-MP Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.1R3-S12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S7",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S4",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S9, 18.4R3-S7",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R2-S3, 19.1R3-S4",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R3-S1",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S1",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S1",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
}
]
},
{
"platforms": [
"EX2300 Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.3R3-S5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S9, 18.4R3-S9",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R2-S3, 19.1R3-S6",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S7, 19.2R3-S3",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S7, 19.3R3-S3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S5",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2-S2, 20.1R3-S1",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S1",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R2-S1, 20.4R3",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R2",
"status": "affected",
"version": "21.1",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue can only occur when the device is configured with Link Aggregation Control Protocol (LACP) in combination with Link Layer Discovery Protocol (LLDP).\n\nThe examples of minimum config stanza affected by this issue:\n [interfaces ae\u003cX\u003e aggregated-ether-options lacp]\nin combination with:\n [protocols lldp interface (all | ae\u003cX\u003e)]"
}
],
"datePublic": "2021-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Uncontrolled Resource Consumption vulnerability in Juniper Networks Junos OS on EX2300, EX3400 and EX4300 Series platforms allows an adjacent attacker sending a stream of layer 2 frames will trigger an Aggregated Ethernet (AE) interface to go down and thereby causing a Denial of Service (DoS). By continuously sending a stream of specific layer 2 frames an attacker will sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS EX4300 Series All versions prior to 15.1R7-S7; 16.1 versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Juniper Networks Junos OS EX3400 and EX4300-MP Series All versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S9, 18.4R3-S7; 19.1 versions prior to 19.1R2-S3, 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2. Juniper Networks Junos OS EX2300 Series All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T18:16:53.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11227"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue in Junos OS \n\n- For EX4300 Series: 15.1R7-S7, 16.1R7-S8, 17.1R2-S12, 17.2R3-S4, 17.3R3-S8, 17.4R2-S10, 17.4R3-S2, 18.1R3-S10, 18.2R2-S7, 18.2R3-S3, 18.3R2-S4, 18.3R3-S2, 18.4R1-S7, 18.4R2-S4, 18.4R3-S1, 19.1R1-S5, 19.1R2-S1, 19.1R3, 19.2R2, 19.3R2-S2, 19.3R3, 19.4R1-S2, 19.4R2, 20.1R1, and all subsequent releases.\n\n- For EX3400 and EX4300-MP Series: 18.1R3-S12, 18.2R3-S7, 18.3R3-S4, 18.4R2-S9, 18.4R3-S7, 19.1R2-S3, 19.1R3-S4, 19.2R3-S1, 19.3R3-S1, 19.4R3-S1, 20.1R3, 20.2R3, 20.3R2, 20.4R1, and all subsequent releases.\n\n -For EX2300 Series: 18.3R3-S5, 18.4R2-S9, 18.4R3-S9, 19.1R2-S3, 19.1R3-S6, 19.2R1-S7, 19.2R3-S3, 19.3R2-S7, 19.3R3-S3, 19.4R3-S5, 20.1R2-S2, 20.1R3-S1, 20.2R3-S2, 20.3R3-S1, 20.4R2-S1, 20.4R3, 21.1R2, 21.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11227",
"defect": [
"1481911",
"1582255",
"1542530"
],
"discovery": "USER"
},
"title": "Junos OS: EX2300, EX3400 and EX4300 Series: An Aggregated Ethernet (AE) interface will go down due to a stream of specific layer 2 frames",
"workarounds": [
{
"lang": "en",
"value": "Disabling LLDP configuration will prevent this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-31365",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX2300, EX3400 and EX4300 Series: An Aggregated Ethernet (AE) interface will go down due to a stream of specific layer 2 frames"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX4300 Series",
"version_affected": "\u003c",
"version_value": "15.1R7-S7"
},
{
"platform": "EX4300 Series",
"version_affected": "\u003c",
"version_name": "16.1",
"version_value": "16.1R7-S8"
},
{
"platform": "EX4300 Series",
"version_affected": "\u003c",
"version_name": "17.1",
"version_value": "17.1R2-S12"
},
{
"platform": "EX4300 Series",
"version_affected": "\u003c",
"version_name": "17.2",
"version_value": "17.2R3-S4"
},
{
"platform": "EX4300 Series",
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S8"
},
{
"platform": "EX4300 Series",
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S10, 17.4R3-S2"
},
{
"platform": "EX4300 Series",
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S10"
},
{
"platform": "EX4300 Series",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R2-S7, 18.2R3-S3"
},
{
"platform": "EX4300 Series",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S2"
},
{
"platform": "EX4300 Series",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S7, 18.4R2-S4, 18.4R3-S1"
},
{
"platform": "EX4300 Series",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R1-S5, 19.1R2-S1, 19.1R3"
},
{
"platform": "EX4300 Series",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2"
},
{
"platform": "EX4300 Series",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S2, 19.3R3"
},
{
"platform": "EX4300 Series",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S2, 19.4R2"
}
]
}
},
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX3400 Series, EX4300-MP Series",
"version_affected": "\u003c",
"version_value": "18.1R3-S12"
},
{
"platform": "EX3400 Series, EX4300-MP Series",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3-S7"
},
{
"platform": "EX3400 Series, EX4300-MP Series",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S4"
},
{
"platform": "EX3400 Series, EX4300-MP Series",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S9, 18.4R3-S7"
},
{
"platform": "EX3400 Series, EX4300-MP Series",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R2-S3, 19.1R3-S4"
},
{
"platform": "EX3400 Series, EX4300-MP Series",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R3-S1"
},
{
"platform": "EX3400 Series, EX4300-MP Series",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S1"
},
{
"platform": "EX3400 Series, EX4300-MP Series",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R3-S1"
},
{
"platform": "EX3400 Series, EX4300-MP Series",
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R3"
},
{
"platform": "EX3400 Series, EX4300-MP Series",
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3"
},
{
"platform": "EX3400 Series, EX4300-MP Series",
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R2"
}
]
}
},
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX2300 Series",
"version_affected": "\u003c",
"version_value": "18.3R3-S5"
},
{
"platform": "EX2300 Series",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S9, 18.4R3-S9"
},
{
"platform": "EX2300 Series",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R2-S3, 19.1R3-S6"
},
{
"platform": "EX2300 Series",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S7, 19.2R3-S3"
},
{
"platform": "EX2300 Series",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S7, 19.3R3-S3"
},
{
"platform": "EX2300 Series",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R3-S5"
},
{
"platform": "EX2300 Series",
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2-S2, 20.1R3-S1"
},
{
"platform": "EX2300 Series",
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3-S2"
},
{
"platform": "EX2300 Series",
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R3-S1"
},
{
"platform": "EX2300 Series",
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R2-S1, 20.4R3"
},
{
"platform": "EX2300 Series",
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue can only occur when the device is configured with Link Aggregation Control Protocol (LACP) in combination with Link Layer Discovery Protocol (LLDP).\n\nThe examples of minimum config stanza affected by this issue:\n [interfaces ae\u003cX\u003e aggregated-ether-options lacp]\nin combination with:\n [protocols lldp interface (all | ae\u003cX\u003e)]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Uncontrolled Resource Consumption vulnerability in Juniper Networks Junos OS on EX2300, EX3400 and EX4300 Series platforms allows an adjacent attacker sending a stream of layer 2 frames will trigger an Aggregated Ethernet (AE) interface to go down and thereby causing a Denial of Service (DoS). By continuously sending a stream of specific layer 2 frames an attacker will sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS EX4300 Series All versions prior to 15.1R7-S7; 16.1 versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Juniper Networks Junos OS EX3400 and EX4300-MP Series All versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S9, 18.4R3-S7; 19.1 versions prior to 19.1R2-S3, 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2. Juniper Networks Junos OS EX2300 Series All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11227",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11227"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue in Junos OS \n\n- For EX4300 Series: 15.1R7-S7, 16.1R7-S8, 17.1R2-S12, 17.2R3-S4, 17.3R3-S8, 17.4R2-S10, 17.4R3-S2, 18.1R3-S10, 18.2R2-S7, 18.2R3-S3, 18.3R2-S4, 18.3R3-S2, 18.4R1-S7, 18.4R2-S4, 18.4R3-S1, 19.1R1-S5, 19.1R2-S1, 19.1R3, 19.2R2, 19.3R2-S2, 19.3R3, 19.4R1-S2, 19.4R2, 20.1R1, and all subsequent releases.\n\n- For EX3400 and EX4300-MP Series: 18.1R3-S12, 18.2R3-S7, 18.3R3-S4, 18.4R2-S9, 18.4R3-S7, 19.1R2-S3, 19.1R3-S4, 19.2R3-S1, 19.3R3-S1, 19.4R3-S1, 20.1R3, 20.2R3, 20.3R2, 20.4R1, and all subsequent releases.\n\n -For EX2300 Series: 18.3R3-S5, 18.4R2-S9, 18.4R3-S9, 19.1R2-S3, 19.1R3-S6, 19.2R1-S7, 19.2R3-S3, 19.3R2-S7, 19.3R3-S3, 19.4R3-S5, 20.1R2-S2, 20.1R3-S1, 20.2R3-S2, 20.3R3-S1, 20.4R2-S1, 20.4R3, 21.1R2, 21.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11227",
"defect": [
"1481911",
"1582255",
"1542530"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Disabling LLDP configuration will prevent this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-31365",
"datePublished": "2021-10-19T18:16:53.840Z",
"dateReserved": "2021-04-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:52:01.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31368 (GCVE-0-2021-31368)
Vulnerability from cvelistv5 – Published: 2021-10-19 18:16 – Updated: 2024-09-16 17:47
VLAI
Title
Junos OS: EX2300 Series, EX3400 Series, and ACX710 might become unresponsive if the out-of-band management port receives a flood of traffic
Summary
An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks JUNOS OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become unresponsive by sending a flood of traffic to the out-of-band management ethernet port. Continued receipted of a flood will create a sustained Denial of Service (DoS) condition. Once the flood subsides the system will recover by itself. An indication that the system is affected by this issue would be that kernel and netisr process are shown to be using a lot of CPU cycles like in the following example output: user@host> show system processes extensive ... PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 16 root -72 - 0K 304K WAIT 1 839:40 88.96% intr{swi1: netisr 0} 0 root 97 - 0K 160K RUN 1 732:43 87.99% kernel{bcm560xgmac0 que} This issue affects Juniper Networks JUNOS OS on EX2300 Series, EX3400 Series, and ACX710: All versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S9; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2.
Severity
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11230 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
unspecified , < 18.1R3-S13
(custom)
Affected: 18.2 , < 18.2R3-S8 (custom) Affected: 18.3 , < 18.3R3-S5 (custom) Affected: 18.4 , < 18.4R2-S8, 18.4R3-S9 (custom) Affected: 19.1 , < 19.1R3-S5 (custom) Affected: 19.2 , < 19.2R1-S7, 19.2R3-S3 (custom) Affected: 19.3 , < 19.3R2-S6, 19.3R3-S2 (custom) Affected: 19.4 , < 19.4R1-S4, 19.4R3-S3 (custom) Affected: 20.1 , < 20.1R2-S2, 20.1R3 (custom) Affected: 20.2 , < 20.2R3 (custom) Affected: 20.3 , < 20.3R2-S1, 20.3R3 (custom) Affected: 20.4 , < 20.4R2 (custom) |
Date Public
2021-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11230"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"EX2300 Series, EX3400 Series, ACX710"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.1R3-S13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S8",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S5",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S8, 18.4R3-S9",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S5",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S7, 19.2R3-S3",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S6, 19.3R3-S2",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S4, 19.4R3-S3",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2-S2, 20.1R3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R2-S1, 20.3R3",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R2",
"status": "affected",
"version": "20.4",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks JUNOS OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become unresponsive by sending a flood of traffic to the out-of-band management ethernet port. Continued receipted of a flood will create a sustained Denial of Service (DoS) condition. Once the flood subsides the system will recover by itself. An indication that the system is affected by this issue would be that kernel and netisr process are shown to be using a lot of CPU cycles like in the following example output: user@host\u003e show system processes extensive ... PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 16 root -72 - 0K 304K WAIT 1 839:40 88.96% intr{swi1: netisr 0} 0 root 97 - 0K 160K RUN 1 732:43 87.99% kernel{bcm560xgmac0 que} This issue affects Juniper Networks JUNOS OS on EX2300 Series, EX3400 Series, and ACX710: All versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S9; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T18:16:58.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11230"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 18.1R3-S13, 18.3R3-S5, 18.4R2-S8, 18.4R3-S9, 19.1R3-S5, 19.2R1-S7, 19.2R3-S3, 19.3R2-S6, 19.3R3-S2, 19.4R1-S4, 19.4R3-S3, 20.1R2-S2, 20.1R3, 20.2R3, 20.3R2-S1, 20.3R3, 20.4R2, 21.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11230",
"defect": [
"1536800"
],
"discovery": "USER"
},
"title": "Junos OS: EX2300 Series, EX3400 Series, and ACX710 might become unresponsive if the out-of-band management port receives a flood of traffic",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-31368",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX2300 Series, EX3400 Series, and ACX710 might become unresponsive if the out-of-band management port receives a flood of traffic"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX2300 Series, EX3400 Series, ACX710",
"version_affected": "\u003c",
"version_value": "18.1R3-S13"
},
{
"platform": "EX2300 Series, EX3400 Series, ACX710",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3-S8"
},
{
"platform": "EX2300 Series, EX3400 Series, ACX710",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S5"
},
{
"platform": "EX2300 Series, EX3400 Series, ACX710",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S8, 18.4R3-S9"
},
{
"platform": "EX2300 Series, EX3400 Series, ACX710",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3-S5"
},
{
"platform": "EX2300 Series, EX3400 Series, ACX710",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S7, 19.2R3-S3"
},
{
"platform": "EX2300 Series, EX3400 Series, ACX710",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S6, 19.3R3-S2"
},
{
"platform": "EX2300 Series, EX3400 Series, ACX710",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S4, 19.4R3-S3"
},
{
"platform": "EX2300 Series, EX3400 Series, ACX710",
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2-S2, 20.1R3"
},
{
"platform": "EX2300 Series, EX3400 Series, ACX710",
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3"
},
{
"platform": "EX2300 Series, EX3400 Series, ACX710",
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R2-S1, 20.3R3"
},
{
"platform": "EX2300 Series, EX3400 Series, ACX710",
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks JUNOS OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become unresponsive by sending a flood of traffic to the out-of-band management ethernet port. Continued receipted of a flood will create a sustained Denial of Service (DoS) condition. Once the flood subsides the system will recover by itself. An indication that the system is affected by this issue would be that kernel and netisr process are shown to be using a lot of CPU cycles like in the following example output: user@host\u003e show system processes extensive ... PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 16 root -72 - 0K 304K WAIT 1 839:40 88.96% intr{swi1: netisr 0} 0 root 97 - 0K 160K RUN 1 732:43 87.99% kernel{bcm560xgmac0 que} This issue affects Juniper Networks JUNOS OS on EX2300 Series, EX3400 Series, and ACX710: All versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S9; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11230",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11230"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 18.1R3-S13, 18.3R3-S5, 18.4R2-S8, 18.4R3-S9, 19.1R3-S5, 19.2R1-S7, 19.2R3-S3, 19.3R2-S6, 19.3R3-S2, 19.4R1-S4, 19.4R3-S3, 20.1R2-S2, 20.1R3, 20.2R3, 20.3R2-S1, 20.3R3, 20.4R2, 21.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11230",
"defect": [
"1536800"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-31368",
"datePublished": "2021-10-19T18:16:58.779Z",
"dateReserved": "2021-04-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:47:38.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31405 (GCVE-0-2021-31405)
Vulnerability from cvelistv5 – Published: 2021-04-23 16:05 – Updated: 2024-09-17 02:32
VLAI
Title
Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17
Summary
Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
Severity
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://vaadin.com/security/cve-2021-31405 | x_refsource_MISC |
| https://github.com/vaadin/flow-components/pull/442 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Vaadin | Vaadin |
Affected:
14.0.6 , < *
(custom)
|
|
| Vaadin | vaadin-text-field-flow |
Affected:
2.0.4 , < *
(custom)
|
Date Public
2021-03-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.726Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vaadin.com/security/cve-2021-31405"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vaadin/flow-components/pull/442"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Vaadin",
"vendor": "Vaadin",
"versions": [
{
"changes": [
{
"at": "15.0.0",
"status": "affected"
}
],
"lessThan": "*",
"status": "affected",
"version": "14.0.6",
"versionType": "custom"
}
]
},
{
"product": "vaadin-text-field-flow",
"vendor": "Vaadin",
"versions": [
{
"changes": [
{
"at": "3.0.0",
"status": "affected"
}
],
"lessThan": "*",
"status": "affected",
"version": "2.0.4",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-23T16:05:41.000Z",
"orgId": "9e0f3122-90e9-42d5-93de-8c6b98deef7e",
"shortName": "Vaadin"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vaadin.com/security/cve-2021-31405"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vaadin/flow-components/pull/442"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@vaadin.com",
"DATE_PUBLIC": "2021-03-11T09:17:00.000Z",
"ID": "CVE-2021-31405",
"STATE": "PUBLIC",
"TITLE": "Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Vaadin",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003e=",
"version_name": "",
"version_value": "14.0.6"
},
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "",
"version_value": "14.4.3 +1"
},
{
"platform": "",
"version_affected": "\u003e=",
"version_name": "",
"version_value": "15.0.0"
},
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "",
"version_value": "17.0.10 +1"
}
]
}
},
{
"product_name": "vaadin-text-field-flow",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003e=",
"version_name": "",
"version_value": "2.0.4"
},
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "",
"version_value": "2.3.2 +1"
},
{
"platform": "",
"version_affected": "\u003e=",
"version_name": "",
"version_value": "3.0.0"
},
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "",
"version_value": "4.0.2 +1"
}
]
}
}
]
},
"vendor_name": "Vaadin"
}
]
}
},
"configuration": [],
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vaadin.com/security/cve-2021-31405",
"refsource": "MISC",
"url": "https://vaadin.com/security/cve-2021-31405"
},
{
"name": "https://github.com/vaadin/flow-components/pull/442",
"refsource": "MISC",
"url": "https://github.com/vaadin/flow-components/pull/442"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "INTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "9e0f3122-90e9-42d5-93de-8c6b98deef7e",
"assignerShortName": "Vaadin",
"cveId": "CVE-2021-31405",
"datePublished": "2021-04-23T16:05:41.259Z",
"dateReserved": "2021-04-15T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:32:47.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.
Mitigation
Phase: Architecture and Design
Description:
- Mitigation of resource exhaustion attacks requires that the target system either:
- The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
- The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
- recognizes the attack and denies that user further access for a given amount of time, or
- uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that protocols have specific limits of scale placed on them.
Mitigation
Phase: Implementation
Description:
- Ensure that all failures in resource allocation place the system into a safe posture.
CAPEC-147: XML Ping of the Death
An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
CAPEC-227: Sustained Client Engagement
An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.
CAPEC-492: Regular Expression Exponential Blowup
An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.