{"id":"CVE-2021-4213","details":"A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.","modified":"2026-04-11T18:45:36.180571Z","published":"2022-08-24T16:15:09.980Z","related":["ALSA-2022:1851"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2021-4213"},{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2021-4213"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2042900"},{"type":"FIX","url":"https://github.com/dogtagpki/jss/commit/3aabe0e9d59b0a42e68ac8cd0468f9c5179967d2"},{"type":"FIX","url":"https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dogtagpki/jss","events":[{"introduced":"0"},{"fixed":"99b32c3515304a2053fe03bd460a2e11ecc6872f"},{"introduced":"21af2aaec9e8948019e5189fa3fa5d2417f9eafa"},{"fixed":"6472faa92930120fff9d350d04343a5a8fbc9d91"},{"fixed":"3aabe0e9d59b0a42e68ac8cd0468f9c5179967d2"},{"fixed":"5922560a78d0dee61af8a33cc9cfbf4cfa291448"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.9.3"},{"introduced":"5.0.0"},{"fixed":"5.1.0"}]}}],"versions":["JSS_4_4_20170313","JSS_4_4_20170328","JSS_4_4_20170501","JSS_4_4_3","NSS_3_14_2_BETA2","NSS_3_14_2_BETA3","NSS_3_14_2_RTM","NSS_3_14_3_BETA1","NSS_3_14_3_RC0","NSS_3_14_3_RTM","v4.4.3","v4.4.4","v4.5.0","v4.5.0-a1","v4.5.0-a2","v4.5.0-a3","v4.5.0-a4","v4.5.0-b1","v4.5.1","v4.5.2","v4.6.0","v4.6.1","v4.6.2","v4.6.3","v4.7.0","v4.7.0-b1","v4.7.0-b2","v4.7.0-b3","v4.7.0-b4","v4.7.1","v4.7.2","v4.8.0","v4.8.0-b1","v4.8.1","v4.9.0","v4.9.0-alpha1","v4.9.0-alpha2","v4.9.1","v4.9.2","v5.0.0","v5.1.0-alpha1","v5.1.0-alpha2"],"database_specific":{"vanir_signatures":[{"deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["37432704366700311483301766886398557852","294858725942001584942105130223247473799","60006491667414592306235336524934132073","100836594654931845128508451801298076821","326853062492569989422745553414016718497","190767088664547324683593368630807189480","198854810990081849766030138853555691566","151635163410598877725097489288426482454"]},"source":"https://github.com/dogtagpki/jss/commit/6472faa92930120fff9d350d04343a5a8fbc9d91","target":{"file":"src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java"},"id":"CVE-2021-4213-08178e16"},{"deprecated":false,"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"219749423068332797498153345312605903130","length":1302},"source":"https://github.com/dogtagpki/jss/commit/6472faa92930120fff9d350d04343a5a8fbc9d91","target":{"file":"src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java","function":"checkSSLAlerts"},"id":"CVE-2021-4213-15e35920"},{"deprecated":false,"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"53900283518551809885924419871545033797","length":444},"source":"https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448","target":{"file":"src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java","function":"cleanupSSLFD"},"id":"CVE-2021-4213-1e6e0e4e"},{"deprecated":false,"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"156225052922560045367427690358805773123","length":165},"source":"https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448","target":{"file":"src/main/java/org/mozilla/jss/nss/SSLFDProxy.java","function":"releaseNativeResources"},"id":"CVE-2021-4213-319b8b37"},{"deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["70414584937688691418959387837383639088","184380057306289880382970560034723865336","289180661143112163918906210432224844254","260711449837960221625440174471868579663","147265512721861978994190199797215748843","10196732133123374531843117410672514415","299482203258699554369622827932554896111","205640474597147053195859000299904183990","297443378685805027606782421161262206014","103672784752009183058197262856681291262","100604562822771284684289016573000961557","108587633537507210242609878158511307392"]},"source":"https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448","target":{"file":"src/main/java/org/mozilla/jss/nss/SSLFDProxy.java"},"id":"CVE-2021-4213-82ef5c48"},{"deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["148430987734620631526867309489734105335","136551681666045459290051962843935282635","271516098814979977888817798041242170439","55404809171744665335595296731884407523"]},"source":"https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448","target":{"file":"src/main/java/org/mozilla/jss/util/GlobalRefProxy.java"},"id":"CVE-2021-4213-abf7b8ab"},{"deprecated":false,"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"219749423068332797498153345312605903130","length":1302},"source":"https://github.com/dogtagpki/jss/commit/3aabe0e9d59b0a42e68ac8cd0468f9c5179967d2","target":{"file":"src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java","function":"checkSSLAlerts"},"id":"CVE-2021-4213-d8a842c2"},{"deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["37432704366700311483301766886398557852","294858725942001584942105130223247473799","60006491667414592306235336524934132073","100836594654931845128508451801298076821","326853062492569989422745553414016718497","190767088664547324683593368630807189480","198854810990081849766030138853555691566","151635163410598877725097489288426482454"]},"source":"https://github.com/dogtagpki/jss/commit/3aabe0e9d59b0a42e68ac8cd0468f9c5179967d2","target":{"file":"src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java"},"id":"CVE-2021-4213-f41a1a61"},{"deprecated":false,"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["203692485456295385397758516792272558075","16191805119952505393581590119351600524","49939681293512275685100863593396623991","253875525362253716144048744726692625250","289124356721616494175359873477054604907","72534848300577167057492073107428433662","243432235600768492575099973824243956780","26524115824917176634157549856519774790","335486120791894628648788999364448710616","257556877707185846372730833220240311335","77227145818541382172210577852980687646","125546490764732189946148779822259188972","162024439652882201799859336716404027896","303906379920496623012138155819742482134","324469498220904681607458504736737127332","150627077577791991003551644809907184063","244116941531702325687997541856182447210","314984313646827669005302199914587703232","228398403339612311472317892733370025702","229887134261204045962845918494914263950","289364554913352539270557840493695808202","242691874994251331260525114288807794775"]},"source":"https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448","target":{"file":"src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java"},"id":"CVE-2021-4213-f552131f"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-4213.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}],"vanir_signatures_modified":"2026-04-11T18:45:36Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}