CVE-2021-42073
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-42073
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-42073.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-42073
- Downstream
- Related
- Published
- 2021-11-08T04:15:08.500Z
- Modified
- 2025-12-05T10:06:15.197722Z
- Severity
-
- 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client label that identifies a valid client configuration. This label is "Unnamed" by default but could instead be guessed from hostnames or other publicly available information. In the active session state, an attacker can capture input device events from the server, and also modify the clipboard content on the server.
- References
Affected packages
Git / github.com/debauchee/barrier
Affected ranges
- Type
- GIT
- Repo
- https://github.com/debauchee/barrier
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixed
Affected versions
1.*
1.6.0
1.6.1
1.6.2
1.6.3-final
1.7.0
v1.*
v1.7.1-stable
v1.7.2-stable
v1.7.3-stable
v1.8.0-beta
v1.8.1-stable
v1.8.3-stable
v1.8.4-stable
v1.8.5-stable
v1.8.6-stable
v1.8.7-stable
v1.8.8-stable
v2.*
v2.0.0
v2.0.0-RC1
v2.0.0-RC2
v2.1.0
v2.1.1
v2.1.2
v2.3.0
v2.3.1
v2.3.2
v2.3.3
Database specific
vanir_signatures
[
{
"target": {
"file": "src/lib/net/SecureSocket.cpp"
},
"signature_version": "v1",
"id": "CVE-2021-42073-11f1885f",
"signature_type": "Line",
"digest": {
"line_hashes": [
"112069639199550232085131939737670207238",
"294534203990236492763871166923530342240",
"265487572797526905119350918858006730449",
"91633888949993152015620535668707994025",
"271608896478537080480520983033586524099",
"109047816141698837380817501054441215470",
"15427373264576318469290486154984148747",
"110793145488946363324771852217377332767",
"271962773562350424727726245361754319",
"309418053151059126756134204654484996062",
"148499883181912836842399984432181923603",
"318660442635374309966027829687056920707",
"185856228110197874830332933975073888043",
"59951682218598753170056678159937507135",
"176155023348876221604226056384365672585"
],
"threshold": 0.9
},
"source": "https://github.com/debauchee/barrier/commit/229abab99f39f11624e5651f819e7f1f8eddedcc",
"deprecated": false
},
{
"target": {
"file": "src/lib/barrier/ServerApp.cpp",
"function": "ServerApp::help"
},
"signature_version": "v1",
"id": "CVE-2021-42073-1c3b2b4b",
"signature_type": "Function",
"digest": {
"length": 1998.0,
"function_hash": "311117115316073391650724728749938492896"
},
"source": "https://github.com/debauchee/barrier/commit/229abab99f39f11624e5651f819e7f1f8eddedcc",
"deprecated": false
},
{
"target": {
"file": "src/lib/barrier/ServerArgs.h"
},
"signature_version": "v1",
"id": "CVE-2021-42073-31e5a22d",
"signature_type": "Line",
"digest": {
"line_hashes": [
"256220397337340084867202020264281417585",
"177099834923089016488854777288708998504"
],
"threshold": 0.9
},
"source": "https://github.com/debauchee/barrier/commit/229abab99f39f11624e5651f819e7f1f8eddedcc",
"deprecated": false
},
{
"target": {
"file": "src/lib/barrier/ArgParser.cpp",
"function": "ArgParser::parseServerArgs"
},
"signature_version": "v1",
"id": "CVE-2021-42073-55d6b1a0",
"signature_type": "Function",
"digest": {
"length": 963.0,
"function_hash": "234094656453341390975358431660228405255"
},
"source": "https://github.com/debauchee/barrier/commit/229abab99f39f11624e5651f819e7f1f8eddedcc",
"deprecated": false
},
{
"target": {
"file": "src/lib/client/Client.cpp",
"function": "Client::connect"
},
"signature_version": "v1",
"id": "CVE-2021-42073-60a02c37",
"signature_type": "Function",
"digest": {
"length": 1045.0,
"function_hash": "211368880157530356733051071166951742678"
},
"source": "https://github.com/debauchee/barrier/commit/229abab99f39f11624e5651f819e7f1f8eddedcc",
"deprecated": false
},
{
"target": {
"file": "src/lib/barrier/ServerApp.cpp"
},
"signature_version": "v1",
"id": "CVE-2021-42073-685d7c32",
"signature_type": "Line",
"digest": {
"line_hashes": [
"237404893406145424516156420534778072800",
"9688802079784301407141715163280385547",
"266234949994727535729527605146181941356",
"37272064588605994333685563213089421910",
"6188713201936465453225607933919447322",
"29143241339315231252049061910538141032",
"104053649908578914785305295184021475166",
"165384141377151545501238575588751258383"
],
"threshold": 0.9
},
"source": "https://github.com/debauchee/barrier/commit/229abab99f39f11624e5651f819e7f1f8eddedcc",
"deprecated": false
},
{
"target": {
"file": "src/lib/net/SecureSocket.cpp",
"function": "SecureSocket::verify_cert_fingerprint"
},
"signature_version": "v1",
"id": "CVE-2021-42073-6b2278d7",
"signature_type": "Function",
"digest": {
"length": 1221.0,
"function_hash": "122231749184673320432117146980812088386"
},
"source": "https://github.com/debauchee/barrier/commit/229abab99f39f11624e5651f819e7f1f8eddedcc",
"deprecated": false
},
{
"target": {
"file": "src/gui/src/MainWindow.cpp",
"function": "MainWindow::checkFingerprint"
},
"signature_version": "v1",
"id": "CVE-2021-42073-98dd365f",
"signature_type": "Function",
"digest": {
"length": 2116.0,
"function_hash": "298316246353575631583699242088742038334"
},
"source": "https://github.com/debauchee/barrier/commit/229abab99f39f11624e5651f819e7f1f8eddedcc",
"deprecated": false
},
{
"target": {
"file": "src/lib/net/SecureSocket.cpp",
"function": "SecureSocket::secureAccept"
},
"signature_version": "v1",
"id": "CVE-2021-42073-a4bd6560",
"signature_type": "Function",
"digest": {
"length": 865.0,
"function_hash": "38761035302617728328843097154050861082"
},
"source": "https://github.com/debauchee/barrier/commit/229abab99f39f11624e5651f819e7f1f8eddedcc",
"deprecated": false
},
{
"target": {
"file": "src/lib/net/ConnectionSecurityLevel.h"
},
"signature_version": "v1",
"id": "CVE-2021-42073-a54ef439",
"signature_type": "Line",
"digest": {
"line_hashes": [
"111726795033696125735846926833687699778",
"66249974514529121043771018135003275824",
"251941617368918536357048138959561529743"
],
"threshold": 0.9
},
"source": "https://github.com/debauchee/barrier/commit/229abab99f39f11624e5651f819e7f1f8eddedcc",
"deprecated": false
},
{
"target": {
"file": "src/lib/barrier/ServerApp.cpp",
"function": "ServerApp::openClientListener"
},
"signature_version": "v1",
"id": "CVE-2021-42073-a5661365",
"signature_type": "Function",
"digest": {
"length": 463.0,
"function_hash": "227593561030705082208332267993053789543"
},
"source": "https://github.com/debauchee/barrier/commit/229abab99f39f11624e5651f819e7f1f8eddedcc",
"deprecated": false
},
{
"target": {
"file": "src/lib/client/Client.cpp"
},
"signature_version": "v1",
"id": "CVE-2021-42073-a82dd873",
"signature_type": "Line",
"digest": {
"line_hashes": [
"61823464322085737443328219995967593495",
"225559898951475921121613718784126843843",
"221192860624088113869367838815605704583",
"156799542284316131524636736899968353236"
],
"threshold": 0.9
},
"source": "https://github.com/debauchee/barrier/commit/229abab99f39f11624e5651f819e7f1f8eddedcc",
"deprecated": false
},
{
"target": {
"file": "src/lib/net/SecureSocket.cpp",
"function": "SecureSocket::initContext"
},
"signature_version": "v1",
"id": "CVE-2021-42073-b46a8ee9",
"signature_type": "Function",
"digest": {
"length": 438.0,
"function_hash": "324446054489941695557291522237580384116"
},
"source": "https://github.com/debauchee/barrier/commit/229abab99f39f11624e5651f819e7f1f8eddedcc",
"deprecated": false
},
{
"target": {
"file": "src/gui/src/MainWindow.cpp",
"function": "MainWindow::serverArgs"
},
"signature_version": "v1",
"id": "CVE-2021-42073-def48849",
"signature_type": "Function",
"digest": {
"length": 701.0,
"function_hash": "298724208975909373181946944028445699842"
},
"source": "https://github.com/debauchee/barrier/commit/229abab99f39f11624e5651f819e7f1f8eddedcc",
"deprecated": false
},
{
"target": {
"file": "src/lib/barrier/ArgParser.cpp"
},
"signature_version": "v1",
"id": "CVE-2021-42073-ed0bf19d",
"signature_type": "Line",
"digest": {
"line_hashes": [
"273210328861354140183067368491737422884",
"139562638347022928366222476012538756437",
"106836562994637393813389554439155885597",
"336933552865658998459860503073667037780"
],
"threshold": 0.9
},
"source": "https://github.com/debauchee/barrier/commit/229abab99f39f11624e5651f819e7f1f8eddedcc",
"deprecated": false
},
{
"target": {
"file": "src/gui/src/MainWindow.cpp"
},
"signature_version": "v1",
"id": "CVE-2021-42073-f18edbdd",
"signature_type": "Line",
"digest": {
"line_hashes": [
"89048000992954045921507688844638215583",
"264519465180513552161251143757571202689",
"168046789468258962253278266929352789753",
"101056039157638338775522081189552226601",
"292383302256669263007386604426066746540",
"46409381487964435022839051136463332298",
"66965795044691190085060304875890757845",
"197731435244093884715584677133993316718",
"293919607968360559865746198414886022251",
"191065502777345044868069731222870942619",
"96342524376271132709813480136904086845",
"149967967153265865002997346288831530986",
"138328636950467663170823116523399641321",
"247704851395692087501755671919492087890",
"267632934163123768591834271741425593004",
"55459126058465137811543260303622395629",
"178854980278005220023834124922023180580",
"173321038781522997571810237044218143864",
"163528744738895373755474883944877449268",
"141736542958765789430474105710655814323",
"62174563369682798503370898337651176488",
"22102995920458992273203935852553796733",
"87328694459654584839406663550130424500",
"16021232214031577872288133047357914381",
"277452864297599388389678011954744545670",
"281575165444959033592870142270441721121",
"115530386325004631878116262980519224171",
"225026845312720595689733825291584968607",
"64059977976340877110031076052863377622"
],
"threshold": 0.9
},
"source": "https://github.com/debauchee/barrier/commit/229abab99f39f11624e5651f819e7f1f8eddedcc",
"deprecated": false
}
]