Vulnerability Details CVE-2021-42072
An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identify of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause denial-of-service or stage further attacks that could lead to information leaks or integrity corruption.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.5%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://www.openwall.com/lists/oss-security/2021/11/02/4
- https://github.com/debauchee/barrier/releases/tag/v2.4.0
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIEVNCFEFO7L3NTM4VUZB3WKYYCBTFCI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMU3STOKHPEZSC54MZ42YBFFC2R3BU2Q/
- http://www.openwall.com/lists/oss-security/2021/11/02/4
- https://github.com/debauchee/barrier/releases/tag/v2.4.0
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIEVNCFEFO7L3NTM4VUZB3WKYYCBTFCI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMU3STOKHPEZSC54MZ42YBFFC2R3BU2Q/
Products affected by CVE-2021-42072
-
cpe:2.3:a:barrier_project:barrier:1.10.2
-
cpe:2.3:a:barrier_project:barrier:1.10.3
-
cpe:2.3:a:barrier_project:barrier:1.11.0
-
cpe:2.3:a:barrier_project:barrier:1.6.0
-
cpe:2.3:a:barrier_project:barrier:1.6.1
-
cpe:2.3:a:barrier_project:barrier:1.6.2
-
cpe:2.3:a:barrier_project:barrier:1.6.3
-
cpe:2.3:a:barrier_project:barrier:1.7.0
-
cpe:2.3:a:barrier_project:barrier:1.7.1
-
cpe:2.3:a:barrier_project:barrier:1.7.2
-
cpe:2.3:a:barrier_project:barrier:1.7.3
-
cpe:2.3:a:barrier_project:barrier:1.8.1
-
cpe:2.3:a:barrier_project:barrier:1.8.3
-
cpe:2.3:a:barrier_project:barrier:1.8.4
-
cpe:2.3:a:barrier_project:barrier:1.8.5
-
cpe:2.3:a:barrier_project:barrier:1.8.6
-
cpe:2.3:a:barrier_project:barrier:1.8.7
-
cpe:2.3:a:barrier_project:barrier:1.8.8
-
cpe:2.3:a:barrier_project:barrier:1.9.0
-
cpe:2.3:a:barrier_project:barrier:1.9.1
-
cpe:2.3:a:barrier_project:barrier:2.0.0
-
cpe:2.3:a:barrier_project:barrier:2.0.3
-
cpe:2.3:a:barrier_project:barrier:2.0.4
-
cpe:2.3:a:barrier_project:barrier:2.0.7
-
cpe:2.3:a:barrier_project:barrier:2.0.8
-
cpe:2.3:a:barrier_project:barrier:2.1.0
-
cpe:2.3:a:barrier_project:barrier:2.1.1
-
cpe:2.3:a:barrier_project:barrier:2.1.2
-
cpe:2.3:a:barrier_project:barrier:2.3.0
-
cpe:2.3:a:barrier_project:barrier:2.3.1
-
cpe:2.3:a:barrier_project:barrier:2.3.2
-
cpe:2.3:a:barrier_project:barrier:2.3.3
-
cpe:2.3:a:barrier_project:barrier:2.3.4
-
cpe:2.3:o:fedoraproject:fedora:34
-
cpe:2.3:o:fedoraproject:fedora:35