VDB
RHSA-2021%3A4863
RHSA-2021%3A4863
PUBLISHED
CVSS 7.400000095367432 HIGH
It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a Denial of Service attack, or possibly, memory disclosure. The highest threat from this vulnerability is to data confidentiality and system availability.
Risk Scores
CVSS 3.1
7.400000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Web Server 5 |
Timeline
- Nov 30, 2021 CVE Published
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2021:4863 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1981533 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1981544 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2014356 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4863.json advisory
- https://access.redhat.com/security/cve/CVE-2021-3712 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1995634 issue
- https://www.cve.org/CVERecord?id=CVE-2021-3712 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-3712 advisory
- https://www.openssl.org/news/secadv/20210824.txt advisory
- https://access.redhat.com/security/cve/CVE-2021-23840 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1930324 issue
- https://www.cve.org/CVERecord?id=CVE-2021-23840 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-23840 advisory
- https://www.openssl.org/news/secadv/20210216.txt advisory
- https://access.redhat.com/security/cve/CVE-2021-23841 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1930310 issue
- https://www.cve.org/CVERecord?id=CVE-2021-23841 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-23841 advisory
…and 14 more