Common Weakness Enumeration

CWE-362

Allowed-with-Review

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Abstraction: Class · Status: Draft

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

2900 vulnerabilities reference this CWE, most recent first.

CVE-2022-1195 (GCVE-0-2022-1195)

Vulnerability from cvelistv5 – Published: 2022-04-29 15:40 – Updated: 2024-08-02 23:55
VLAI
Summary
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a kernel Affected: kernel 5.16 rc1
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:55:24.439Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056381"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b9111922b1f399aba6ed1e1b8f2079c3da1aed8"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e0588c291d6ce225f2b891753ca41d45ba42469"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=81b1d548d00bcd028303c4f3150fa753b9b8aa71"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b2f37aead1b82a770c48b5d583f35ec22aabb61e"
          },
          {
            "name": "DSA-5127",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5127"
          },
          {
            "name": "DSA-5173",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5173"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "kernel 5.16 rc1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362-\u003eCWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-04T10:10:29.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056381"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b9111922b1f399aba6ed1e1b8f2079c3da1aed8"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e0588c291d6ce225f2b891753ca41d45ba42469"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=81b1d548d00bcd028303c4f3150fa753b9b8aa71"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b2f37aead1b82a770c48b5d583f35ec22aabb61e"
        },
        {
          "name": "DSA-5127",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5127"
        },
        {
          "name": "DSA-5173",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2022-1195",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "kernel 5.16 rc1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-362-\u003eCWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2056381",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056381"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b9111922b1f399aba6ed1e1b8f2079c3da1aed8",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b9111922b1f399aba6ed1e1b8f2079c3da1aed8"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e0588c291d6ce225f2b891753ca41d45ba42469",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e0588c291d6ce225f2b891753ca41d45ba42469"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=81b1d548d00bcd028303c4f3150fa753b9b8aa71",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=81b1d548d00bcd028303c4f3150fa753b9b8aa71"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b2f37aead1b82a770c48b5d583f35ec22aabb61e",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b2f37aead1b82a770c48b5d583f35ec22aabb61e"
            },
            {
              "name": "DSA-5127",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5127"
            },
            {
              "name": "DSA-5173",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-1195",
    "datePublished": "2022-04-29T15:40:58.000Z",
    "dateReserved": "2022-03-31T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:55:24.439Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0279 (GCVE-0-2022-0279)

Vulnerability from cvelistv5 – Published: 2022-02-21 10:46 – Updated: 2024-08-02 23:25
VLAI
Title
AnyComment < 0.2.18 - Comment Rating Increase/Decrease via Race Condition
Summary
The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users
Severity
No CVSS data available.
CWE
  • CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
Assigner
References
Impacted products
Vendor Product Version
Unknown AnyComment Affected: 0.2.18 , < 0.2.18 (custom)
Create a notification for this product.
Credits
Brandon Roldan
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:25:40.247Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/43a4b2d3-1bd5-490c-982c-bb7120595865"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AnyComment",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "0.2.18",
              "status": "affected",
              "version": "0.2.18",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Brandon Roldan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-21T10:46:12.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/43a4b2d3-1bd5-490c-982c-bb7120595865"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "AnyComment \u003c 0.2.18 - Comment Rating Increase/Decrease via Race Condition",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2022-0279",
          "STATE": "PUBLIC",
          "TITLE": "AnyComment \u003c 0.2.18 - Comment Rating Increase/Decrease via Race Condition"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "AnyComment",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "0.2.18",
                            "version_value": "0.2.18"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Brandon Roldan"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/43a4b2d3-1bd5-490c-982c-bb7120595865",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/43a4b2d3-1bd5-490c-982c-bb7120595865"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-0279",
    "datePublished": "2022-02-21T10:46:12.000Z",
    "dateReserved": "2022-01-19T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:25:40.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0207 (GCVE-0-2022-0207)

Vulnerability from cvelistv5 – Published: 2022-08-26 17:25 – Updated: 2024-08-02 23:18
VLAI
Summary
A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text.
Severity
No CVSS data available.
CWE
  • CWE-362 - - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
Impacted products
Vendor Product Version
n/a vdsm Affected: Fixed in v4.50.0.4
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:42.543Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033697"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039248"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.ovirt.org/c/vdsm/+/118025"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.ovirt.org/gitweb?p=vdsm.git%3Ba=commit%3Bh=53b0036fc72d3b8877d4e7f047d705e5a4c722e8"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2022-0207"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vdsm",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in v4.50.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-26T17:25:47.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033697"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039248"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.ovirt.org/c/vdsm/+/118025"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.ovirt.org/gitweb?p=vdsm.git%3Ba=commit%3Bh=53b0036fc72d3b8877d4e7f047d705e5a4c722e8"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2022-0207"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-0207",
    "datePublished": "2022-08-26T17:25:47.000Z",
    "dateReserved": "2022-01-12T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:18:42.543Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-44731 (GCVE-0-2021-44731)

Vulnerability from cvelistv5 – Published: 2022-02-17 00:00 – Updated: 2024-08-04 04:32
VLAI
Title
snapd could be made to escalate privileges and run programs as administrator
Summary
A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
CWE
  • CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
Assigner
Impacted products
Vendor Product Version
Canonical Ltd. snapd Affected: unspecified , ≤ 2.54.2 (custom)
Create a notification for this product.
Credits
Qualys Research Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:32:12.887Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-5292-1"
          },
          {
            "name": "[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/02/18/2"
          },
          {
            "name": "FEDORA-2022-82bea71e5a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"
          },
          {
            "name": "FEDORA-2022-5df8b52ba4",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"
          },
          {
            "name": "DSA-5080",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5080"
          },
          {
            "name": "[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine\u0027s setup_private_mount()",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/02/23/1"
          },
          {
            "name": "[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine\u0027s setup_private_mount()",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/02/23/2"
          },
          {
            "name": "[oss-security] 20221130 Race condition in snap-confine\u0027s must_mkdir_and_open_with_perms() (CVE-2022-3328)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/30/2"
          },
          {
            "name": "20221208 Race condition in snap-confine\u0027s must_mkdir_and_open_with_perms() (CVE-2022-3328)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Dec/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "snapd",
          "vendor": "Canonical Ltd.",
          "versions": [
            {
              "lessThanOrEqual": "2.54.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Qualys Research Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap\u0027s private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-09T00:00:00.000Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "url": "https://ubuntu.com/security/notices/USN-5292-1"
        },
        {
          "name": "[oss-security] 20220218 CVE-2021-4120: Insufficient validation of snap content interface and layout paths",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/02/18/2"
        },
        {
          "name": "FEDORA-2022-82bea71e5a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U/"
        },
        {
          "name": "FEDORA-2022-5df8b52ba4",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7/"
        },
        {
          "name": "DSA-5080",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5080"
        },
        {
          "name": "[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine\u0027s setup_private_mount()",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/02/23/1"
        },
        {
          "name": "[oss-security] 20220223 Re: CVE-2021-44731: Race condition in snap-confine\u0027s setup_private_mount()",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/02/23/2"
        },
        {
          "name": "[oss-security] 20221130 Race condition in snap-confine\u0027s must_mkdir_and_open_with_perms() (CVE-2022-3328)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/30/2"
        },
        {
          "name": "20221208 Race condition in snap-confine\u0027s must_mkdir_and_open_with_perms() (CVE-2022-3328)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Dec/4"
        },
        {
          "url": "http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "snapd could be made to escalate privileges and run programs as administrator",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2021-44731",
    "datePublished": "2022-02-17T00:00:00.000Z",
    "dateReserved": "2021-12-08T00:00:00.000Z",
    "dateUpdated": "2024-08-04T04:32:12.887Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-43980 (GCVE-0-2021-43980)

Vulnerability from cvelistv5 – Published: 2022-09-28 00:00 – Updated: 2025-05-21 15:00
VLAI
Title
Apache Tomcat: Information disclosure
Summary
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache Tomcat Affected: 10.1.0-M1 to 10.1.0-M12
Affected: 10.0.0-M1 to 10.0.18
Affected: 9.0.0-M1 to 9.0.60
Affected: 8.5.0 to 8.5.77
Create a notification for this product.
Credits
Thanks to Adam Thomas, Richard Hernandez and Ryan Schmitt for discovering the issue and working with the Tomcat security team to identify the root cause and appropriate fix.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:10:16.914Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3"
          },
          {
            "name": "[oss-security] 20220928 CVE-2021-43980: Apache Tomcat: Information disclosure",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/09/28/1"
          },
          {
            "name": "[debian-lts-announce] 20221026 [SECURITY] [DLA 3160-1] tomcat9 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html"
          },
          {
            "name": "DSA-5265",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5265"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 3.7,
              "baseSeverity": "LOW",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-43980",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-21T14:59:33.357809Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-21T15:00:10.097Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "10.1.0-M1 to 10.1.0-M12"
            },
            {
              "status": "affected",
              "version": "10.0.0-M1 to 10.0.18"
            },
            {
              "status": "affected",
              "version": "9.0.0-M1 to 9.0.60"
            },
            {
              "status": "affected",
              "version": "8.5.0 to 8.5.77"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Thanks to Adam Thomas, Richard Hernandez and Ryan Schmitt for discovering the issue and working with the Tomcat security team to identify the root cause and appropriate fix."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "important"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-30T00:00:00.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "url": "https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3"
        },
        {
          "name": "[oss-security] 20220928 CVE-2021-43980: Apache Tomcat: Information disclosure",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/09/28/1"
        },
        {
          "name": "[debian-lts-announce] 20221026 [SECURITY] [DLA 3160-1] tomcat9 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html"
        },
        {
          "name": "DSA-5265",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5265"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Tomcat: Information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-43980",
    "datePublished": "2022-09-28T00:00:00.000Z",
    "dateReserved": "2021-11-17T00:00:00.000Z",
    "dateUpdated": "2025-05-21T15:00:10.097Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-32810 (GCVE-0-2021-32810)

Vulnerability from cvelistv5 – Published: 2021-08-02 18:35 – Updated: 2024-08-03 23:33
VLAI
Title
Data race in crossbeam-deque
Summary
crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4.
CWE
  • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
URL Tags
https://github.com/crossbeam-rs/crossbeam/securit… x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
Impacted products
Vendor Product Version
crossbeam-rs crossbeam Affected: < 0.7.4
Affected: >= 0.8.0, < 0.8.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:33:56.077Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw"
          },
          {
            "name": "FEDORA-2021-a5161737c3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EW5B2VTDVMJ6B3DA4VLMAMW2GGDCE2BK/"
          },
          {
            "name": "FEDORA-2021-537541ceae",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCIBFGBSL3JSVJQTNEDEIMZGZF23N2KE/"
          },
          {
            "name": "FEDORA-2021-5e99655cca",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQZIEJQBV3S72BHD5GKJQF3NVYNRV5CF/"
          },
          {
            "name": "FEDORA-2021-2db6c84087",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRPKBRXCRNGNMVFQPFD4LM3QKPEMBQQR/"
          },
          {
            "name": "FEDORA-2021-60f0e1bb35",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EZILHZDRGDPOBQ4KTW3E5PPMKLHGH5N/"
          },
          {
            "name": "FEDORA-2021-3cf88e44b4",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFBZWCLG7AGLJO4A7K5IMJVPLSWZ5TJP/"
          },
          {
            "name": "FEDORA-2021-67d6c34e5b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WGB2H35CTZDHOV3VLC5BM6VFGURLLVRP/"
          },
          {
            "name": "FEDORA-2021-32c9adf002",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CY5T3FCE4MUYSPKEWICLVJBBODGJ6SZE/"
          },
          {
            "name": "FEDORA-2021-e37a366b00",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWHNNBJCU4EHA2X5ZAMJMGLDUYS5FEPP/"
          },
          {
            "name": "FEDORA-2021-af2eb94426",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3LSN3B43TJSFIOB3QLPBI3RCHRU5BLO/"
          },
          {
            "name": "FEDORA-2021-9dc0bd0072",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQDIBB7VR3ER52FMSMNJPAWNDO5SITCE/"
          },
          {
            "name": "FEDORA-2021-0f82e9d6d5",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCLMH7B7B2MF55ET4NQNPH7JWISFX4RT/"
          },
          {
            "name": "FEDORA-2021-e5ec6d55bf",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYBSLIYFANZLCYWOGTIYZUM26TJRH7WU/"
          },
          {
            "name": "FEDORA-2021-79ce3cb64a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUBWBYCPSSXTJGEAQ67CJUNQJBOCM26/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "crossbeam",
          "vendor": "crossbeam-rs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.7.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 0.8.0, \u003c 0.8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-18T02:06:24.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw"
        },
        {
          "name": "FEDORA-2021-a5161737c3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EW5B2VTDVMJ6B3DA4VLMAMW2GGDCE2BK/"
        },
        {
          "name": "FEDORA-2021-537541ceae",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCIBFGBSL3JSVJQTNEDEIMZGZF23N2KE/"
        },
        {
          "name": "FEDORA-2021-5e99655cca",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQZIEJQBV3S72BHD5GKJQF3NVYNRV5CF/"
        },
        {
          "name": "FEDORA-2021-2db6c84087",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRPKBRXCRNGNMVFQPFD4LM3QKPEMBQQR/"
        },
        {
          "name": "FEDORA-2021-60f0e1bb35",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EZILHZDRGDPOBQ4KTW3E5PPMKLHGH5N/"
        },
        {
          "name": "FEDORA-2021-3cf88e44b4",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFBZWCLG7AGLJO4A7K5IMJVPLSWZ5TJP/"
        },
        {
          "name": "FEDORA-2021-67d6c34e5b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WGB2H35CTZDHOV3VLC5BM6VFGURLLVRP/"
        },
        {
          "name": "FEDORA-2021-32c9adf002",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CY5T3FCE4MUYSPKEWICLVJBBODGJ6SZE/"
        },
        {
          "name": "FEDORA-2021-e37a366b00",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWHNNBJCU4EHA2X5ZAMJMGLDUYS5FEPP/"
        },
        {
          "name": "FEDORA-2021-af2eb94426",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3LSN3B43TJSFIOB3QLPBI3RCHRU5BLO/"
        },
        {
          "name": "FEDORA-2021-9dc0bd0072",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQDIBB7VR3ER52FMSMNJPAWNDO5SITCE/"
        },
        {
          "name": "FEDORA-2021-0f82e9d6d5",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCLMH7B7B2MF55ET4NQNPH7JWISFX4RT/"
        },
        {
          "name": "FEDORA-2021-e5ec6d55bf",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYBSLIYFANZLCYWOGTIYZUM26TJRH7WU/"
        },
        {
          "name": "FEDORA-2021-79ce3cb64a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUBWBYCPSSXTJGEAQ67CJUNQJBOCM26/"
        }
      ],
      "source": {
        "advisory": "GHSA-pqqp-xmhj-wgcw",
        "discovery": "UNKNOWN"
      },
      "title": "Data race in crossbeam-deque",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-32810",
          "STATE": "PUBLIC",
          "TITLE": "Data race in crossbeam-deque"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "crossbeam",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 0.7.4"
                          },
                          {
                            "version_value": "\u003e= 0.8.0, \u003c 0.8.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "crossbeam-rs"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw",
              "refsource": "CONFIRM",
              "url": "https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw"
            },
            {
              "name": "FEDORA-2021-a5161737c3",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EW5B2VTDVMJ6B3DA4VLMAMW2GGDCE2BK/"
            },
            {
              "name": "FEDORA-2021-537541ceae",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCIBFGBSL3JSVJQTNEDEIMZGZF23N2KE/"
            },
            {
              "name": "FEDORA-2021-5e99655cca",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VQZIEJQBV3S72BHD5GKJQF3NVYNRV5CF/"
            },
            {
              "name": "FEDORA-2021-2db6c84087",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRPKBRXCRNGNMVFQPFD4LM3QKPEMBQQR/"
            },
            {
              "name": "FEDORA-2021-60f0e1bb35",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EZILHZDRGDPOBQ4KTW3E5PPMKLHGH5N/"
            },
            {
              "name": "FEDORA-2021-3cf88e44b4",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFBZWCLG7AGLJO4A7K5IMJVPLSWZ5TJP/"
            },
            {
              "name": "FEDORA-2021-67d6c34e5b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WGB2H35CTZDHOV3VLC5BM6VFGURLLVRP/"
            },
            {
              "name": "FEDORA-2021-32c9adf002",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CY5T3FCE4MUYSPKEWICLVJBBODGJ6SZE/"
            },
            {
              "name": "FEDORA-2021-e37a366b00",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWHNNBJCU4EHA2X5ZAMJMGLDUYS5FEPP/"
            },
            {
              "name": "FEDORA-2021-af2eb94426",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3LSN3B43TJSFIOB3QLPBI3RCHRU5BLO/"
            },
            {
              "name": "FEDORA-2021-9dc0bd0072",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQDIBB7VR3ER52FMSMNJPAWNDO5SITCE/"
            },
            {
              "name": "FEDORA-2021-0f82e9d6d5",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCLMH7B7B2MF55ET4NQNPH7JWISFX4RT/"
            },
            {
              "name": "FEDORA-2021-e5ec6d55bf",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYBSLIYFANZLCYWOGTIYZUM26TJRH7WU/"
            },
            {
              "name": "FEDORA-2021-79ce3cb64a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUBWBYCPSSXTJGEAQ67CJUNQJBOCM26/"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-pqqp-xmhj-wgcw",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-32810",
    "datePublished": "2021-08-02T18:35:12.000Z",
    "dateReserved": "2021-05-12T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:33:56.077Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-32686 (GCVE-0-2021-32686)

Vulnerability from cvelistv5 – Published: 2021-07-23 00:00 – Updated: 2025-11-04 16:09
VLAI
Title
Denial of Service in PJSIP
Summary
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service. These are fixed in version 2.11.1.
CWE
  • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
Impacted products
Vendor Product Version
pjsip pjproject Affected: < 2.11.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:09:14.172Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/pjsip/pjproject/pull/2716"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/pjsip/pjproject/releases/tag/2.11.1"
          },
          {
            "name": "DSA-4999",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4999"
          },
          {
            "name": "[debian-lts-announce] 20220328 [SECURITY] [DLA 2962-1] pjproject security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"
          },
          {
            "name": "GLSA-202210-37",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-37"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pjproject",
          "vendor": "pjsip",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.11.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service. These are fixed in version 2.11.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-31T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr"
        },
        {
          "url": "https://github.com/pjsip/pjproject/pull/2716"
        },
        {
          "url": "https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd"
        },
        {
          "url": "https://github.com/pjsip/pjproject/releases/tag/2.11.1"
        },
        {
          "name": "DSA-4999",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4999"
        },
        {
          "name": "[debian-lts-announce] 20220328 [SECURITY] [DLA 2962-1] pjproject security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"
        },
        {
          "name": "GLSA-202210-37",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-37"
        }
      ],
      "source": {
        "advisory": "GHSA-cv8x-p47p-99wr",
        "discovery": "UNKNOWN"
      },
      "title": "Denial of Service in PJSIP"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-32686",
    "datePublished": "2021-07-23T00:00:00.000Z",
    "dateReserved": "2021-05-12T00:00:00.000Z",
    "dateUpdated": "2025-11-04T16:09:14.172Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-31382 (GCVE-0-2021-31382)

Vulnerability from cvelistv5 – Published: 2021-10-19 18:17 – Updated: 2024-09-17 01:05
VLAI
Title
Junos OS: PTX1000 System, PTX10002-60C System: After upgrading, configured firewall filters may be applied on incorrect interfaces
Summary
On PTX1000 System, PTX10002-60C System, after upgrading to an affected release, a Race Condition vulnerability between the chassis daemon (chassisd) and firewall process (dfwd) of Juniper Networks Junos OS, may update the device's interfaces with incorrect firewall filters. This issue only occurs when upgrading the device to an affected version of Junos OS. Interfaces intended to have protections may have no protections assigned to them. Interfaces with one type of protection pattern may have alternate protections assigned to them. Interfaces intended to have no protections may have protections assigned to them. These firewall rule misassignments may allow genuine traffic intended to be stopped at the interface to propagate further, potentially causing disruptions in services by propagating unwanted traffic. An attacker may be able to take advantage of these misassignments. This issue affects Juniper Networks Junos OS on PTX1000 System: 17.2 versions 17.2R1 and later versions prior to 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R1-S1, 20.4R2. This issue does not affect Juniper Networks Junos OS prior to version 17.2R1 on PTX1000 System. This issue affects Juniper Networks Junos OS on PTX10002-60C System: 18.2 versions 18.2R1 and later versions prior to 18.4 versions prior to 18.4R3-S9; 19.1 versions later than 19.1R1 prior to 19.4 versions prior to 19.4R2-S5, 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions 20.4R1 and later versions prior to 21.1 versions prior to 21.1R2; 21.2 versions 21.2R1 and later versions prior to 21.3 versions prior to 21.3R2. This issue does not affect Juniper Networks Junos OS prior to version 18.2R1 on PTX10002-60C System. This issue impacts all filter families (inet, inet6, etc.) and all loopback filters. It does not rely upon the location where a filter is set, impacting both logical and physical interfaces.
CWE
  • CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
Assigner
References
URL Tags
https://kb.juniper.net/JSA11250 x_refsource_CONFIRM
https://kb.juniper.net/KB10956 x_refsource_MISC
Impacted products
Vendor Product Version
Juniper Networks Junos OS Unaffected: unspecified , < 17.2R1 (custom)
Affected: 17.2R1 , < 17.2* (custom)
Affected: 17.3 , < 17.3R3-S12 (custom)
Affected: 17.4 , < 17.4R3-S5 (custom)
Affected: 18.1 , < 18.1R3-S13 (custom)
Affected: 18.2 , < 18.2R3-S8 (custom)
Affected: 18.3 , < 18.3R3-S5 (custom)
Affected: 18.4 , < 18.4R1-S8, 18.4R2-S8, 18.4R3-S8 (custom)
Affected: 19.1 , < 19.1R3-S5 (custom)
Affected: 19.2 , < 19.2R3-S2 (custom)
Affected: 19.3 , < 19.3R2-S6, 19.3R3-S3 (custom)
Affected: 19.4 , < 19.4R2-S4, 19.4R3-S3 (custom)
Affected: 20.1 , < 20.1R3 (custom)
Affected: 20.2 , < 20.2R2-S3, 20.2R3 (custom)
Affected: 20.3 , < 20.3R2-S1, 20.3R3 (custom)
Affected: 20.4 , < 20.4R1-S1, 20.4R2 (custom)
Create a notification for this product.
Juniper Networks Junos OS Affected: 18.4 , < 18.4R3-S9 (custom)
Affected: 19.1R1 , < 19.1* (custom)
Affected: 19.4 , < 19.4R2-S5, 19.4R3-S5 (custom)
Affected: 20.1 , < 20.1R3-S1 (custom)
Affected: 20.2 , < 20.2R3-S2 (custom)
Affected: 20.3 , < 20.3R3-S1 (custom)
Affected: 20.4R1 , < 20.4* (custom)
Affected: 21.1 , < 21.1R2 (custom)
Affected: 21.2R1 , < 21.2* (custom)
Affected: 21.3 , < 21.3R2 (custom)
Unaffected: 18.2 , < 18.2R1 (custom)
Create a notification for this product.
Date Public
2021-10-13 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:55:53.784Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11250"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/KB10956"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "PTX1000 System"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "17.2R1",
              "status": "unaffected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "17.2*",
              "status": "affected",
              "version": "17.2R1",
              "versionType": "custom"
            },
            {
              "lessThan": "17.3R3-S12",
              "status": "affected",
              "version": "17.3",
              "versionType": "custom"
            },
            {
              "lessThan": "17.4R3-S5",
              "status": "affected",
              "version": "17.4",
              "versionType": "custom"
            },
            {
              "lessThan": "18.1R3-S13",
              "status": "affected",
              "version": "18.1",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2R3-S8",
              "status": "affected",
              "version": "18.2",
              "versionType": "custom"
            },
            {
              "lessThan": "18.3R3-S5",
              "status": "affected",
              "version": "18.3",
              "versionType": "custom"
            },
            {
              "lessThan": "18.4R1-S8, 18.4R2-S8, 18.4R3-S8",
              "status": "affected",
              "version": "18.4",
              "versionType": "custom"
            },
            {
              "lessThan": "19.1R3-S5",
              "status": "affected",
              "version": "19.1",
              "versionType": "custom"
            },
            {
              "lessThan": "19.2R3-S2",
              "status": "affected",
              "version": "19.2",
              "versionType": "custom"
            },
            {
              "lessThan": "19.3R2-S6, 19.3R3-S3",
              "status": "affected",
              "version": "19.3",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4R2-S4, 19.4R3-S3",
              "status": "affected",
              "version": "19.4",
              "versionType": "custom"
            },
            {
              "lessThan": "20.1R3",
              "status": "affected",
              "version": "20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "20.2R2-S3, 20.2R3",
              "status": "affected",
              "version": "20.2",
              "versionType": "custom"
            },
            {
              "lessThan": "20.3R2-S1, 20.3R3",
              "status": "affected",
              "version": "20.3",
              "versionType": "custom"
            },
            {
              "lessThan": "20.4R1-S1, 20.4R2",
              "status": "affected",
              "version": "20.4",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "PTX10002-60C System"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "18.4R3-S9",
              "status": "affected",
              "version": "18.4",
              "versionType": "custom"
            },
            {
              "lessThan": "19.1*",
              "status": "affected",
              "version": "19.1R1",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4R2-S5, 19.4R3-S5",
              "status": "affected",
              "version": "19.4",
              "versionType": "custom"
            },
            {
              "lessThan": "20.1R3-S1",
              "status": "affected",
              "version": "20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "20.2R3-S2",
              "status": "affected",
              "version": "20.2",
              "versionType": "custom"
            },
            {
              "lessThan": "20.3R3-S1",
              "status": "affected",
              "version": "20.3",
              "versionType": "custom"
            },
            {
              "lessThan": "20.4*",
              "status": "affected",
              "version": "20.4R1",
              "versionType": "custom"
            },
            {
              "lessThan": "21.1R2",
              "status": "affected",
              "version": "21.1",
              "versionType": "custom"
            },
            {
              "lessThan": "21.2*",
              "status": "affected",
              "version": "21.2R1",
              "versionType": "custom"
            },
            {
              "lessThan": "21.3R2",
              "status": "affected",
              "version": "21.3",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2R1",
              "status": "unaffected",
              "version": "18.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "Configuration examples for firewall filtering are posted on the support site and in the product documentation."
        }
      ],
      "datePublic": "2021-10-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "On PTX1000 System, PTX10002-60C System, after upgrading to an affected release, a Race Condition vulnerability between the chassis daemon (chassisd) and firewall process (dfwd) of Juniper Networks Junos OS, may update the device\u0027s interfaces with incorrect firewall filters. This issue only occurs when upgrading the device to an affected version of Junos OS. Interfaces intended to have protections may have no protections assigned to them. Interfaces with one type of protection pattern may have alternate protections assigned to them. Interfaces intended to have no protections may have protections assigned to them. These firewall rule misassignments may allow genuine traffic intended to be stopped at the interface to propagate further, potentially causing disruptions in services by propagating unwanted traffic. An attacker may be able to take advantage of these misassignments. This issue affects Juniper Networks Junos OS on PTX1000 System: 17.2 versions 17.2R1 and later versions prior to 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R1-S1, 20.4R2. This issue does not affect Juniper Networks Junos OS prior to version 17.2R1 on PTX1000 System. This issue affects Juniper Networks Junos OS on PTX10002-60C System: 18.2 versions 18.2R1 and later versions prior to 18.4 versions prior to 18.4R3-S9; 19.1 versions later than 19.1R1 prior to 19.4 versions prior to 19.4R2-S5, 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions 20.4R1 and later versions prior to 21.1 versions prior to 21.1R2; 21.2 versions 21.2R1 and later versions prior to 21.3 versions prior to 21.3R2. This issue does not affect Juniper Networks Junos OS prior to version 18.2R1 on PTX10002-60C System. This issue impacts all filter families (inet, inet6, etc.) and all loopback filters. It does not rely upon the location where a filter is set, impacting both logical and physical interfaces."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-19T18:17:24.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA11250"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.juniper.net/KB10956"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS on PTX1000 System: 17.3R3-S12, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S8, 18.4R3-S8, 19.1R3-S5, 19.2R3-S2, 19.3R2-S6, 19.3R3-S3, 19.4R2-S4, 19.4R3-S3, 20.1R3, 20.2R2-S3, 20.2R3, 20.3R2-S1, 20.3R3, 20.4R1-S1, 20.4R2, 21.1R1, and all subsequent releases.\n\nJunos OS on PTX10002-60C System: 18.4R3-S9, 19.4R2-S5, 19.4R3-S5, 20.1R3-S1, 20.2R3-S2, 20.3R3-S1, 21.1R2, 21.3R2, 21.4R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11250",
        "defect": [
          "1517804",
          "1602292"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: PTX1000 System, PTX10002-60C System: After upgrading, configured firewall filters may be applied on incorrect interfaces",
      "workarounds": [
        {
          "lang": "en",
          "value": "Restart the firewall daemon after the system has rebooted after the upgrade."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
          "ID": "CVE-2021-31382",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: PTX1000 System, PTX10002-60C System: After upgrading, configured firewall filters may be applied on incorrect interfaces"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "PTX1000 System",
                            "version_affected": "\u003e=",
                            "version_name": "17.2",
                            "version_value": "17.2R1"
                          },
                          {
                            "platform": "PTX1000 System",
                            "version_affected": "\u003c",
                            "version_name": "17.3",
                            "version_value": "17.3R3-S12"
                          },
                          {
                            "platform": "PTX1000 System",
                            "version_affected": "\u003c",
                            "version_name": "17.4",
                            "version_value": "17.4R3-S5"
                          },
                          {
                            "platform": "PTX1000 System",
                            "version_affected": "\u003c",
                            "version_name": "18.1",
                            "version_value": "18.1R3-S13"
                          },
                          {
                            "platform": "PTX1000 System",
                            "version_affected": "\u003c",
                            "version_name": "18.2",
                            "version_value": "18.2R3-S8"
                          },
                          {
                            "platform": "PTX1000 System",
                            "version_affected": "\u003c",
                            "version_name": "18.3",
                            "version_value": "18.3R3-S5"
                          },
                          {
                            "platform": "PTX1000 System",
                            "version_affected": "\u003c",
                            "version_name": "18.4",
                            "version_value": "18.4R1-S8, 18.4R2-S8, 18.4R3-S8"
                          },
                          {
                            "platform": "PTX1000 System",
                            "version_affected": "\u003c",
                            "version_name": "19.1",
                            "version_value": "19.1R3-S5"
                          },
                          {
                            "platform": "PTX1000 System",
                            "version_affected": "\u003c",
                            "version_name": "19.2",
                            "version_value": "19.2R3-S2"
                          },
                          {
                            "platform": "PTX1000 System",
                            "version_affected": "\u003c",
                            "version_name": "19.3",
                            "version_value": "19.3R2-S6, 19.3R3-S3"
                          },
                          {
                            "platform": "PTX1000 System",
                            "version_affected": "\u003c",
                            "version_name": "19.4",
                            "version_value": "19.4R2-S4, 19.4R3-S3"
                          },
                          {
                            "platform": "PTX1000 System",
                            "version_affected": "\u003c",
                            "version_name": "20.1",
                            "version_value": "20.1R3"
                          },
                          {
                            "platform": "PTX1000 System",
                            "version_affected": "\u003c",
                            "version_name": "20.2",
                            "version_value": "20.2R2-S3, 20.2R3"
                          },
                          {
                            "platform": "PTX1000 System",
                            "version_affected": "\u003c",
                            "version_name": "20.3",
                            "version_value": "20.3R2-S1, 20.3R3"
                          },
                          {
                            "platform": "PTX1000 System",
                            "version_affected": "\u003c",
                            "version_name": "20.4",
                            "version_value": "20.4R1-S1, 20.4R2"
                          },
                          {
                            "platform": "PTX1000 System",
                            "version_affected": "!\u003c",
                            "version_value": "17.2R1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "PTX10002-60C System",
                            "version_affected": "\u003c",
                            "version_name": "18.4",
                            "version_value": "18.4R3-S9"
                          },
                          {
                            "platform": "PTX10002-60C System",
                            "version_affected": "\u003e",
                            "version_name": "19.1",
                            "version_value": "19.1R1"
                          },
                          {
                            "platform": "PTX10002-60C System",
                            "version_affected": "\u003c",
                            "version_name": "19.4",
                            "version_value": "19.4R2-S5, 19.4R3-S5"
                          },
                          {
                            "platform": "PTX10002-60C System",
                            "version_affected": "\u003c",
                            "version_name": "20.1",
                            "version_value": "20.1R3-S1"
                          },
                          {
                            "platform": "PTX10002-60C System",
                            "version_affected": "\u003c",
                            "version_name": "20.2",
                            "version_value": "20.2R3-S2"
                          },
                          {
                            "platform": "PTX10002-60C System",
                            "version_affected": "\u003c",
                            "version_name": "20.3",
                            "version_value": "20.3R3-S1"
                          },
                          {
                            "platform": "PTX10002-60C System",
                            "version_affected": "\u003e=",
                            "version_name": "20.4",
                            "version_value": "20.4R1"
                          },
                          {
                            "platform": "PTX10002-60C System",
                            "version_affected": "\u003c",
                            "version_name": "21.1",
                            "version_value": "21.1R2"
                          },
                          {
                            "platform": "PTX10002-60C System",
                            "version_affected": "\u003e=",
                            "version_name": "21.2",
                            "version_value": "21.2R1"
                          },
                          {
                            "platform": "PTX10002-60C System",
                            "version_affected": "\u003c",
                            "version_name": "21.3",
                            "version_value": "21.3R2"
                          },
                          {
                            "platform": "PTX10002-60C System",
                            "version_affected": "!\u003c",
                            "version_name": "18.2",
                            "version_value": "18.2R1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "Configuration examples for firewall filtering are posted on the support site and in the product documentation."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On PTX1000 System, PTX10002-60C System, after upgrading to an affected release, a Race Condition vulnerability between the chassis daemon (chassisd) and firewall process (dfwd) of Juniper Networks Junos OS, may update the device\u0027s interfaces with incorrect firewall filters. This issue only occurs when upgrading the device to an affected version of Junos OS. Interfaces intended to have protections may have no protections assigned to them. Interfaces with one type of protection pattern may have alternate protections assigned to them. Interfaces intended to have no protections may have protections assigned to them. These firewall rule misassignments may allow genuine traffic intended to be stopped at the interface to propagate further, potentially causing disruptions in services by propagating unwanted traffic. An attacker may be able to take advantage of these misassignments. This issue affects Juniper Networks Junos OS on PTX1000 System: 17.2 versions 17.2R1 and later versions prior to 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R1-S1, 20.4R2. This issue does not affect Juniper Networks Junos OS prior to version 17.2R1 on PTX1000 System. This issue affects Juniper Networks Junos OS on PTX10002-60C System: 18.2 versions 18.2R1 and later versions prior to 18.4 versions prior to 18.4R3-S9; 19.1 versions later than 19.1R1 prior to 19.4 versions prior to 19.4R2-S5, 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions 20.4R1 and later versions prior to 21.1 versions prior to 21.1R2; 21.2 versions 21.2R1 and later versions prior to 21.3 versions prior to 21.3R2. This issue does not affect Juniper Networks Junos OS prior to version 18.2R1 on PTX10002-60C System. This issue impacts all filter families (inet, inet6, etc.) and all loopback filters. It does not rely upon the location where a filter is set, impacting both logical and physical interfaces."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11250",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA11250"
            },
            {
              "name": "https://kb.juniper.net/KB10956",
              "refsource": "MISC",
              "url": "https://kb.juniper.net/KB10956"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS on PTX1000 System: 17.3R3-S12, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S8, 18.4R3-S8, 19.1R3-S5, 19.2R3-S2, 19.3R2-S6, 19.3R3-S3, 19.4R2-S4, 19.4R3-S3, 20.1R3, 20.2R2-S3, 20.2R3, 20.3R2-S1, 20.3R3, 20.4R1-S1, 20.4R2, 21.1R1, and all subsequent releases.\n\nJunos OS on PTX10002-60C System: 18.4R3-S9, 19.4R2-S5, 19.4R3-S5, 20.1R3-S1, 20.2R3-S2, 20.3R3-S1, 21.1R2, 21.3R2, 21.4R1, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA11250",
          "defect": [
            "1517804",
            "1602292"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Restart the firewall daemon after the system has rebooted after the upgrade."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2021-31382",
    "datePublished": "2021-10-19T18:17:24.737Z",
    "dateReserved": "2021-04-15T00:00:00.000Z",
    "dateUpdated": "2024-09-17T01:05:37.909Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31364 (GCVE-0-2021-31364)

Vulnerability from cvelistv5 – Published: 2021-10-19 18:16 – Updated: 2024-09-17 01:56
VLAI
Title
Junos OS: SRX Series: The flowd process will crash if log session-close is configured and specific traffic is received
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability combined with a Race Condition in the flow daemon (flowd) of Juniper Networks Junos OS on SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2 allows an unauthenticated network based attacker sending specific traffic to cause a crash of the flowd/srxpfe process, responsible for traffic forwarding in SRX, which will cause a Denial of Service (DoS). Continued receipt and processing of this specific traffic will create a sustained Denial of Service (DoS) condition. This issue can only occur when specific packets are trying to create the same session and logging for session-close is configured as a policy action. Affected platforms are: SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2. Not affected platforms are: SRX4000 Series, SRX5000 Series with SPC3, and vSRX Series. This issue affects Juniper Networks Junos OS SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2: All versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2.
CWE
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
  • Denial of Service (DoS)
  • CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
Assigner
References
URL Tags
https://kb.juniper.net/JSA11226 x_refsource_CONFIRM
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: unspecified , < 17.4R3-S5 (custom)
Affected: 18.3 , < 18.3R3-S5 (custom)
Affected: 18.4 , < 18.4R3-S9 (custom)
Affected: 19.1 , < 19.1R3-S6 (custom)
Affected: 19.2 , < 19.2R1-S7, 19.2R3-S2 (custom)
Affected: 19.3 , < 19.3R2-S6, 19.3R3-S2 (custom)
Affected: 19.4 , < 19.4R1-S4, 19.4R3-S3 (custom)
Affected: 20.1 , < 20.1R2-S2, 20.1R3 (custom)
Affected: 20.2 , < 20.2R3 (custom)
Affected: 20.3 , < 20.3R2-S1, 20.3R3 (custom)
Affected: 20.4 , < 20.4R2 (custom)
Create a notification for this product.
Date Public
2021-10-13 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:55:53.702Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11226"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "17.4R3-S5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "18.3R3-S5",
              "status": "affected",
              "version": "18.3",
              "versionType": "custom"
            },
            {
              "lessThan": "18.4R3-S9",
              "status": "affected",
              "version": "18.4",
              "versionType": "custom"
            },
            {
              "lessThan": "19.1R3-S6",
              "status": "affected",
              "version": "19.1",
              "versionType": "custom"
            },
            {
              "lessThan": "19.2R1-S7, 19.2R3-S2",
              "status": "affected",
              "version": "19.2",
              "versionType": "custom"
            },
            {
              "lessThan": "19.3R2-S6, 19.3R3-S2",
              "status": "affected",
              "version": "19.3",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4R1-S4, 19.4R3-S3",
              "status": "affected",
              "version": "19.4",
              "versionType": "custom"
            },
            {
              "lessThan": "20.1R2-S2, 20.1R3",
              "status": "affected",
              "version": "20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "20.2R3",
              "status": "affected",
              "version": "20.2",
              "versionType": "custom"
            },
            {
              "lessThan": "20.3R2-S1, 20.3R3",
              "status": "affected",
              "version": "20.3",
              "versionType": "custom"
            },
            {
              "lessThan": "20.4R2",
              "status": "affected",
              "version": "20.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "This issue can only occur when logging for session-close is configured similar to the following example:\n\n  [security policies from-zone untrust to-zone trust policy policy_name then log session-close]"
        }
      ],
      "datePublic": "2021-10-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability combined with a Race Condition in the flow daemon (flowd) of Juniper Networks Junos OS on SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2 allows an unauthenticated network based attacker sending specific traffic to cause a crash of the flowd/srxpfe process, responsible for traffic forwarding in SRX, which will cause a Denial of Service (DoS). Continued receipt and processing of this specific traffic will create a sustained Denial of Service (DoS) condition. This issue can only occur when specific packets are trying to create the same session and logging for session-close is configured as a policy action. Affected platforms are: SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2. Not affected platforms are: SRX4000 Series, SRX5000 Series with SPC3, and vSRX Series. This issue affects Juniper Networks Junos OS SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2: All versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-19T18:16:52.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA11226"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 17.4R3-S5, 18.3R3-S5, 18.4R3-S9, 19.1R3-S6, 19.2R1-S7, 19.2R3-S2, 19.3R2-S6, 19.3R3-S2, 19.4R1-S4, 19.4R3-S3, 20.1R2-S2, 20.1R3, 20.2R3, 20.3R2-S1, 20.3R3, 20.4R2, 21.1R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11226",
        "defect": [
          "1571354"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: SRX Series: The flowd process will crash if log session-close is configured and specific traffic is received",
      "workarounds": [
        {
          "lang": "en",
          "value": "Please remove the session-close log action from the policy actions of all policies."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
          "ID": "CVE-2021-31364",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: SRX Series: The flowd process will crash if log session-close is configured and specific traffic is received"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2",
                            "version_affected": "\u003c",
                            "version_value": "17.4R3-S5"
                          },
                          {
                            "platform": "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2",
                            "version_affected": "\u003c",
                            "version_name": "18.3",
                            "version_value": "18.3R3-S5"
                          },
                          {
                            "platform": "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2",
                            "version_affected": "\u003c",
                            "version_name": "18.4",
                            "version_value": "18.4R3-S9"
                          },
                          {
                            "platform": "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2",
                            "version_affected": "\u003c",
                            "version_name": "19.1",
                            "version_value": "19.1R3-S6"
                          },
                          {
                            "platform": "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2",
                            "version_affected": "\u003c",
                            "version_name": "19.2",
                            "version_value": "19.2R1-S7, 19.2R3-S2"
                          },
                          {
                            "platform": "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2",
                            "version_affected": "\u003c",
                            "version_name": "19.3",
                            "version_value": "19.3R2-S6, 19.3R3-S2"
                          },
                          {
                            "platform": "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2",
                            "version_affected": "\u003c",
                            "version_name": "19.4",
                            "version_value": "19.4R1-S4, 19.4R3-S3"
                          },
                          {
                            "platform": "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2",
                            "version_affected": "\u003c",
                            "version_name": "20.1",
                            "version_value": "20.1R2-S2, 20.1R3"
                          },
                          {
                            "platform": "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2",
                            "version_affected": "\u003c",
                            "version_name": "20.2",
                            "version_value": "20.2R3"
                          },
                          {
                            "platform": "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2",
                            "version_affected": "\u003c",
                            "version_name": "20.3",
                            "version_value": "20.3R2-S1, 20.3R3"
                          },
                          {
                            "platform": "SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2",
                            "version_affected": "\u003c",
                            "version_name": "20.4",
                            "version_value": "20.4R2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "This issue can only occur when logging for session-close is configured similar to the following example:\n\n  [security policies from-zone untrust to-zone trust policy policy_name then log session-close]"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability combined with a Race Condition in the flow daemon (flowd) of Juniper Networks Junos OS on SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2 allows an unauthenticated network based attacker sending specific traffic to cause a crash of the flowd/srxpfe process, responsible for traffic forwarding in SRX, which will cause a Denial of Service (DoS). Continued receipt and processing of this specific traffic will create a sustained Denial of Service (DoS) condition. This issue can only occur when specific packets are trying to create the same session and logging for session-close is configured as a policy action. Affected platforms are: SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2. Not affected platforms are: SRX4000 Series, SRX5000 Series with SPC3, and vSRX Series. This issue affects Juniper Networks Junos OS SRX300 Series, SRX500 Series, SRX1500, and SRX5000 Series with SPC2: All versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service (DoS)"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11226",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA11226"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: 17.4R3-S5, 18.3R3-S5, 18.4R3-S9, 19.1R3-S6, 19.2R1-S7, 19.2R3-S2, 19.3R2-S6, 19.3R3-S2, 19.4R1-S4, 19.4R3-S3, 20.1R2-S2, 20.1R3, 20.2R3, 20.3R2-S1, 20.3R3, 20.4R2, 21.1R1, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA11226",
          "defect": [
            "1571354"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Please remove the session-close log action from the policy actions of all policies."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2021-31364",
    "datePublished": "2021-10-19T18:16:52.279Z",
    "dateReserved": "2021-04-15T00:00:00.000Z",
    "dateUpdated": "2024-09-17T01:56:30.666Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-25395 (GCVE-0-2021-25395)

Vulnerability from cvelistv5 – Published: 2021-06-11 14:45 – Updated: 2025-10-21 23:25
VLAI
Summary
A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.
SSVC
Exploitation: active Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Affected: O(8.x), P(9.0), Q(10.0), R(11.0) , < SMR MAY-2021 Release 1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:03:05.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=5"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-25395",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T21:24:10.401062Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-06-29",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25395"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:25:42.440Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25395"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-06-29T00:00:00.000Z",
            "value": "CVE-2021-25395 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "SMR MAY-2021 Release 1",
              "status": "affected",
              "version": "O(8.x), P(9.0), Q(10.0), R(11.0)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-11T14:45:22.000Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "Samsung Mobile"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=5"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "mobile.security@samsung.com",
          "ID": "CVE-2021-25395",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Samsung Mobile Devices",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "O(8.x), P(9.0), Q(10.0), R(11.0)",
                            "version_value": "SMR MAY-2021 Release 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Samsung Mobile"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=5",
              "refsource": "MISC",
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=5"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "Samsung Mobile",
    "cveId": "CVE-2021-25395",
    "datePublished": "2021-06-11T14:45:22.000Z",
    "dateReserved": "2021-01-19T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:25:42.440Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

In languages that support it, use synchronization primitives. Only wrap these around critical code to minimize the impact on performance.

Mitigation
Architecture and Design

Use thread-safe capabilities such as the data access abstraction in Spring.

Mitigation
Architecture and Design
  • Minimize the usage of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of unexpected conditions occurring.
  • Additionally, this will minimize the amount of synchronization necessary and may even help to reduce the likelihood of a denial of service where an attacker may be able to repeatedly trigger a critical section (CWE-400).
Mitigation
Implementation

When using multithreading and operating on shared variables, only use thread-safe functions.

Mitigation
Implementation

Use atomic operations on shared variables. Be wary of innocent-looking constructs such as "x++". This may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read, followed by a computation, followed by a write.

Mitigation
Implementation

Use a mutex if available, but be sure to avoid related weaknesses such as CWE-412.

Mitigation
Implementation

Avoid double-checked locking (CWE-609) and other implementation errors that arise when trying to avoid the overhead of synchronization.

Mitigation
Implementation

Disable interrupts or signals over critical parts of the code, but also make sure that the code does not go into a large or infinite loop.

Mitigation
Implementation

Use the volatile type modifier for critical variables to avoid unexpected compiler optimization or reordering. This does not necessarily solve the synchronization problem, but it can help.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

CAPEC-26: Leveraging Race Conditions

The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.

CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.