CVE-2020-14340

CVSS v3.1 5.9 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 0.12 % (47^th)

Affected Products 14

Advisories 1

A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.

Weaknesses

CWE-400: Uncontrolled Resource Consumption
CWE-NVD-Other

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2021-06-02 13:15:08
(3 years ago)
Updated Date: 2022-07-25 11:35:13
(2 years ago)

Affected Products

Oracle

Redhat

Configuration #1

	CPE23	From	Up To
Redhat Xnio from 3.6.1 version and prior 3.7.9 version	cpe:2.3:a:redhat:xnio	>= 3.6.1	< 3.7.9
Redhat Xnio from 3.8.0 version and prior 3.8.2 version	cpe:2.3:a:redhat:xnio	>= 3.8.0	< 3.8.2
Redhat Xnio 3.6.0 Beta1	cpe:2.3:a:redhat:xnio:3.6.0:beta1
Redhat Xnio 3.6.0 Beta2	cpe:2.3:a:redhat:xnio:3.6.0:beta2

Configuration #2

		CPE23	From	Up To
	Redhat Jboss Brms 5	cpe:2.3:a:redhat:jboss_brms:5
	Redhat Jboss Brms 6	cpe:2.3:a:redhat:jboss_brms:6
	Redhat Jboss Data Grid 6.0.0	cpe:2.3:a:redhat:jboss_data_grid:6.0.0
	Redhat Jboss Data Grid 7.0.0	cpe:2.3:a:redhat:jboss_data_grid:7.0.0
	Redhat Jboss Data Virtualization 6.0.0	cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:-
	Redhat Jboss Enterprise Application Platform 5.0.0	cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0
	Redhat Jboss Enterprise Application Platform 6.0.0	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0
	Redhat Jboss Fuse 6.0.0	cpe:2.3:a:redhat:jboss_fuse:6.0.0
	Redhat Jboss Fuse 7.0.0	cpe:2.3:a:redhat:jboss_fuse:7.0.0
	Redhat Jboss Operations Network 3.0	cpe:2.3:a:redhat:jboss_operations_network:3.0
	Redhat Jboss Soa Platform 5	cpe:2.3:a:redhat:jboss_soa_platform:5

Configuration #3

		CPE23	From	Up To
	Oracle Communications Cloud Native Core Console 1.9.0	cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0
	Oracle Communications Cloud Native Core Network Repository Function 1.14.0	cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0
	Oracle Communications Cloud Native Core Policy 1.14.0	cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0
	Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.15.0	cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.15.0
	Oracle Communications Cloud Native Core Service Communication Proxy 1.14.0	cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0
	Oracle Communications Cloud Native Core Unified Data Repository 1.14.0	cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0