Candidate: CVE-2021-41585
PublicDate: 2021-11-03 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41585
 https://www.openwall.com/lists/oss-security/2021/11/02/11
 https://github.com/apache/trafficserver/pull/8456/
 https://github.com/apache/trafficserver/commit/268b540edae0b3e51d033795a4dd7404a5756a93 (master)
 https://github.com/apache/trafficserver/commit/2b078741ecf14cbc7f5773b3e14ef0c1d3cf4cfb (8.1.x)
Description:
 Improper Input Validation vulnerability in accepting socket connections in
 Apache Traffic Server allows an attacker to make the server stop accepting
 new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_trafficserver:
upstream_trafficserver: not-affected (debian: Only affects FreeBSD)
trusty_trafficserver: ignored (out of standard support)
xenial_trafficserver: ignored (out of standard support)
bionic_trafficserver: needs-triage
focal_trafficserver: needs-triage
hirsute_trafficserver: ignored (reached end-of-life)
impish_trafficserver: needs-triage
jammy_trafficserver: needs-triage
devel_trafficserver: needs-triage