Описание
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.
Меры по смягчению последствий
There is currently no known mitigation for this issue.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Decision Manager 7 | wildfly-openssl | Not affected | ||
| Red Hat OpenShift Application Runtimes | wildfly-openssl | Affected | ||
| Red Hat Process Automation 7 | wildfly-openssl | Not affected | ||
| EAP 7.3.3 | wildfly-openssl-natives-parent | Fixed | RHSA-2020:4923 | 04.11.2020 |
| Red Hat Data Grid 7.3.8 | wildfly-openssl | Fixed | RHSA-2020:5410 | 14.12.2020 |
| Red Hat Data Grid 8.1.1 | wildfly-openssl | Fixed | RHSA-2021:0433 | 08.02.2021 |
| Red Hat Fuse 7.9 | wildfly-openssl | Fixed | RHSA-2021:3140 | 11.08.2021 |
| Red Hat JBoss Enterprise Application Platform 7 | wildfly-openssl-natives-parent | Fixed | RHSA-2020:4257 | 14.10.2020 |
| Red Hat JBoss Enterprise Application Platform 7 | Fixed | RHSA-2020:5344 | 03.12.2020 | |
| Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | eap7-glassfish-el | Fixed | RHSA-2025:9582 | 25.06.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1 ...
Уязвимость библиотеки OpenSSL сервера WildFly, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании или получить полный доступ к системе
EPSS
7.5 High
CVSS3