CVE-2021-41585
Publication date 3 November 2021
Last updated 11 July 2025
Ubuntu priority
CVSS 3 Severity Score
Description
Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| trafficserver | 25.10 questing | Not affected |
| trafficserver | 24.04 LTS noble | Not affected |
| trafficserver | 22.04 LTS jammy | Not affected |
| trafficserver | 20.04 LTS focal | Not affected |
| trafficserver | 18.04 LTS bionic | Not affected |
| trafficserver | 16.04 LTS xenial | Not affected |
| trafficserver | 14.04 LTS trusty | Ignored end of standard support |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
Other references
- https://www.openwall.com/lists/oss-security/2021/11/02/11
- https://github.com/apache/trafficserver/pull/8456/
- https://github.com/apache/trafficserver/commit/268b540edae0b3e51d033795a4dd7404a5756a93 (master)
- https://github.com/apache/trafficserver/commit/2b078741ecf14cbc7f5773b3e14ef0c1d3cf4cfb (8.1.x)
- https://www.cve.org/CVERecord?id=CVE-2021-41585