CVE-2021-41119— DoS vulnerabiliity in wire-server json parser
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-41119
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DoS vulnerabiliity in wire-server json parser
Source: NVD (National Vulnerability Database)
Vulnerability Description
Wire-server is the system server for the wire back-end services. Releases prior to v2022-03-01 are subject to a denial of service attack via a crafted object causing a hash collision. This collision causes the server to spend at least quadratic time parsing it which can lead to a denial of service for a heavily used server. The issue has been fixed in wire-server 2022-03-01 and is already deployed on all Wire managed services. On premise instances of wire-server need to be updated to 2022-03-01, so that their backends are no longer affected. There are no known workarounds for this issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Wire 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Wire是德国Wire公司的一款聊天软件。该软件支持 Web、WindowsiOS、Android、OS X 平台,有群组功能,可以语音通话,发送照片以及其独创性的打招呼方式 PING。 Wire server 存在安全漏洞,攻击者可利用该漏洞进行拒绝服务攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| wireapp | wire-server | < v2022-03-01 | - |
II. Public POCs for CVE-2021-41119
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-41119
请登录查看更多情报信息。
- https://cs-syd.eu/posts/2021-09-11-json-vulnerabilityx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2021-41119
IV. Related Vulnerabilities
Same product: wire-server
- CVE-2023-22737
wire-server vulnerable to unauthorized removal of Bots from - CVE-2022-31122
Wire-server vulnerable to Token Recipient Confusion resultin - CVE-2022-23610
Improper Verification of Cryptographic Signature in wire-ser - CVE-2021-41100
Account takeover when having only access to a user's short l - CVE-2021-41101
CORS `Access-Control-Allow-Origin` settings are too lenient
Same vendor: wireapp
- CVE-2025-49846
wire-ios accidentally logs message contents - CVE-2025-48066
wire-webapp has no database deletion on client logout - CVE-2025-48061
wire-webapp Has Insufficient Session Invalidation after User - CVE-2023-48221
wire-avs remote format string vulnerability - CVE-2023-22737
wire-server vulnerable to unauthorized removal of Bots from
Same weakness: CWE-400
- CVE-2026-8187
Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption - CVE-2026-42343
FastGPT: Uncontrolled Resource Consumption leading to Sandbo - CVE-2026-42212
SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-lau - CVE-2026-32686
Unbounded exponent in decimal enables unauthenticated DoS - CVE-2026-20188
Cisco Crosswork Network Controller and Cisco Network Service
V. Comments for CVE-2021-41119
No comments yet