• Type: Public Security Vulnerability
• Resolution: Fixed
• Priority: Low (View bug fix roadmap)
• Fix Version/s: 8.19.0, 8.13.14
• Affects Version/s: 8.5.17, 8.13.9, 8.18.1
• Component/s: None
• Labels:

  • CVE-2021-39116
  • advisory
  • advisory-to-release
  • dont-import
  • security

[JRASERVER-72738] Denial of Service when reading particularly-crafted GIF files - CVE-2021-39116

Collapse comment: AB added a comment - 06/Jan/2022 4:16 AM

AB added a comment - 06/Jan/2022 4:16 AM

Version 8.13.14 has been published, and contains a fix for the 8.13.x minor series.

As a result, the affected versions range has changed. Please check the updated description for details.

The change will be propagated through to Mitre's CVE listings soon.

Expand comment: AB added a comment - 06/Jan/2022 4:16 AM

AB added a comment - 06/Jan/2022 4:16 AM Version 8.13.14 has been published, and contains a fix for the 8.13.x minor series. As a result, the affected versions range has changed. Please check the updated description for details. The change will be propagated through to Mitre's CVE listings soon.

AB made changes - 06/Jan/2022 4:12 AM

Description

Original: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versions are before version 8.19.0. **Affected versions:**  * version < 8.19.0 **Fixed versions:**  * 8.19.0

New: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the GIF Image Reader component. The affected versions are before version 8.13.14, and from version 8.14.0 before 8.19.0. *Affected versions:*  * version < 8.13.14  * 8.14.0 ≤ version < 8.19.0 *Fixed versions:*  * 8.13.14  * 8.19.0

AB made changes - 06/Jan/2022 4:11 AM

Fix Version/s

New: 8.13.14 [ 97812 ]

Mark Lang made changes - 17/Oct/2021 8:24 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 592028 ]

Geoff made changes - 05/Oct/2021 7:18 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 589128 ]

Collapse comment: Tomasz Baszczynski added a comment - 01/Oct/2021 11:45 AM

Tomasz Baszczynski added a comment - 01/Oct/2021 11:45 AM

Can someone from Atlassian please confirm that 8.13.10 / 8.13.11 are not affected?

Expand comment: Tomasz Baszczynski added a comment - 01/Oct/2021 11:45 AM

Tomasz Baszczynski added a comment - 01/Oct/2021 11:45 AM Can someone from Atlassian please confirm that 8.13.10 / 8.13.11 are not affected?

Collapse comment: Emilio Palmiero added a comment - 16/Sep/2021 3:41 PM

Emilio Palmiero added a comment - 16/Sep/2021 3:41 PM

Can someone from Atlassian please confirm that 8.13.10 is not affected?

Expand comment: Emilio Palmiero added a comment - 16/Sep/2021 3:41 PM

Emilio Palmiero added a comment - 16/Sep/2021 3:41 PM Can someone from Atlassian please confirm that 8.13.10 is not affected?

Collapse comment: Tobias Peter added a comment - 16/Sep/2021 8:22 AM

Tobias Peter added a comment - 16/Sep/2021 8:22 AM

I had the same question: what about the latest 8.13 LTS release?

After a quick research with the given CVE I found on vulners.com that 8.13.10 LTS is not affected anymore.

Expand comment: Tobias Peter added a comment - 16/Sep/2021 8:22 AM

Tobias Peter added a comment - 16/Sep/2021 8:22 AM I had the same question: what about the latest 8.13 LTS release? After a quick research with the given CVE I found on vulners.com that 8.13.10 LTS is not affected anymore.

Security Metrics Bot made changes - 16/Sep/2021 5:27 AM

CVE ID

New: CVE-2021-39116

Collapse comment: Emilio Palmiero added a comment - 12/Sep/2021 6:03 AM

Emilio Palmiero added a comment - 12/Sep/2021 6:03 AM

Will this be fixed in the 8.13 LTS release?

Expand comment: Emilio Palmiero added a comment - 12/Sep/2021 6:03 AM

Emilio Palmiero added a comment - 12/Sep/2021 6:03 AM Will this be fixed in the 8.13 LTS release?

Load more older events