CVE-2021-3642

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-3642

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3642.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-3642

Aliases

GHSA-5499-qjvh-6j7w

Related

Published

2021-08-05T21:15:13Z

Modified

2024-09-03T03:54:20.236366Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1981407

Affected packages

Git / github.com/wildfly-security/wildfly-elytron

Affected ranges

Type: GIT
Repo: https://github.com/wildfly-security/wildfly-elytron
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c81df0bd62298f925f8a2a523434721c36d11a93

Affected versions

1.*

1.0.0.Alpha1

1.0.0.Alpha2

1.0.0.Alpha3

1.0.0.Alpha4

1.0.0.Beta1

1.0.0.Beta2

1.0.0.Beta3

1.0.0.Beta4

1.0.0.Beta5

1.0.0.Beta6

1.0.0.Beta7

1.0.0.Beta8

1.0.0.Beta9

1.0.0.CR2

1.0.0.CR3

1.0.0.CR4

1.0.1.CR1

1.0.4.CR1

1.0.5.Final

1.0.6.Final

1.0.7.Final

1.0.8.Final

1.0.9.Final

1.1.0.Alpha1

1.1.0.Beta1

1.1.0.Beta10

1.1.0.Beta11

1.1.0.Beta12

1.1.0.Beta13

1.1.0.Beta14

1.1.0.Beta15

1.1.0.Beta16

1.1.0.Beta17

1.1.0.Beta18

1.1.0.Beta19

1.1.0.Beta2

1.1.0.Beta20

1.1.0.Beta21

1.1.0.Beta22

1.1.0.Beta23

1.1.0.Beta24

1.1.0.Beta25

1.1.0.Beta26

1.1.0.Beta27

1.1.0.Beta28

1.1.0.Beta29

1.1.0.Beta3

1.1.0.Beta30

1.1.0.Beta31

1.1.0.Beta32

1.1.0.Beta33

1.1.0.Beta34

1.1.0.Beta35

1.1.0.Beta36

1.1.0.Beta37

1.1.0.Beta38

1.1.0.Beta39

1.1.0.Beta4

1.1.0.Beta40

1.1.0.Beta41

1.1.0.Beta42

1.1.0.Beta43

1.1.0.Beta44

1.1.0.Beta45

1.1.0.Beta46

1.1.0.Beta47

1.1.0.Beta48

1.1.0.Beta49

1.1.0.Beta5

1.1.0.Beta50

1.1.0.Beta51

1.1.0.Beta52

1.1.0.Beta53

1.1.0.Beta54

1.1.0.Beta55

1.1.0.Beta6

1.1.0.Beta7

1.1.0.Beta8

1.1.0.Beta9

1.1.0.CR1

1.1.0.CR2

1.1.0.CR3

1.1.0.CR4

1.1.0.CR5

1.1.0.CR6

1.1.0.Final

1.1.1.Final

1.1.10.Final

1.1.11.Final

1.1.12.Final

1.1.2.CR1

1.1.2.Final

1.1.3.Final

1.1.4.Final

1.1.5.Final

1.1.6.Final

1.1.7.Final

1.1.8.Final

1.1.9.Final

1.10.0.CR1

1.10.0.CR2

1.10.0.CR3

1.10.0.CR4

1.10.0.CR5

1.10.0.CR6

1.10.0.Final

1.10.1.Final

1.10.10.Final

1.10.11.Final

1.10.12.Final

1.10.13.Final

1.10.2.Final

1.10.3.Final

1.10.4.Final

1.10.5.Final

1.10.6.Final

1.10.7.Final

1.10.8.Final

1.10.9.Final

1.2.0.Beta1

1.2.0.Beta10

1.2.0.Beta11

1.2.0.Beta12

1.2.0.Beta2

1.2.0.Beta3

1.2.0.Beta4

1.2.0.Beta5

1.2.0.Beta6

1.2.0.Beta7

1.2.0.Beta8

1.2.0.Beta9

1.2.0.Final

1.2.1.Final

1.2.1.SP1

1.2.2.Final

1.2.2.SP1

1.2.2.SP2

1.2.3.Final

1.2.3.SP1

1.2.4.Final

1.3.0.Final

1.3.1.Final

1.3.2.Final

1.3.3.Final

1.4.0.Final

1.4.1.Final

1.5.0.Final

1.5.1.Final

1.5.2.Final

1.5.3.Final

1.5.4.Final

1.5.5.Final

1.6.0.CR1

1.6.0.Final

1.6.1.Final

1.6.2.Final

1.6.3.Final

1.6.4.Final

1.6.5.Final

1.6.6.Final

1.6.7.Final

1.6.8.Final

1.7.0.CR1

1.7.0.CR2

1.7.0.CR3

1.7.0.Final

1.8.0.CR1

1.8.0.CR2

1.8.0.Final

1.9.0.CR1

1.9.0.CR2

1.9.0.CR3

1.9.0.CR4

1.9.0.CR5

1.9.0.Final

1.9.1.Final