Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-25689

Опубликовано: 30 окт. 2020
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where the host-controller tries to reconnect in a loop, generating new connections that are not properly closed while unable to connect to the domain controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat CodeReady Studio 12wildfly-coreNot affected
Red Hat Decision Manager 7wildfly-coreNot affected
Red Hat JBoss Data Grid 7wildfly-coreOut of support scope
Red Hat JBoss Fuse 6wildfly-coreOut of support scope
Red Hat OpenShift Application Runtimeswildfly-coreAffected
Red Hat Process Automation 7wildfly-coreNot affected
Red Hat Fuse 7.11wildfly-coreFixedRHSA-2022:553207.07.2022
Red Hat JBoss Enterprise Application Platform 7wildfly-coreFixedRHSA-2021:025025.01.2021
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6eap7-activemq-artemisFixedRHSA-2021:024625.01.2021
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6eap7-glassfish-jsfFixedRHSA-2021:024625.01.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-401
https://bugzilla.redhat.com/show_bug.cgi?id=1893070wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller

EPSS

Процентиль: 47%
0.00238
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2020-25689

CVSS3: 5.3
nvd
больше 5 лет назад

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.

debian логотип

CVE-2020-25689

CVSS3: 5.3
debian
больше 5 лет назад

A memory leak flaw was found in WildFly in all versions up to 21.0.0.F ...

github логотип

GHSA-97hp-6q9g-5cw2

CVSS3: 6.5
github
больше 3 лет назад

Uncontrolled Resource Consumption in WildFly

EPSS

Процентиль: 47%
0.00238
Низкий

5.3 Medium

CVSS3