CVE-2020-25644

CVSS v3.1 7.5 (High)
CVSS v2.0 5 (Medium)
EPSS 0.24 % (65th)
Affected Products 10
Advisories 1

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.

Weaknesses
CWE-401
Missing Release of Memory after Effective Lifetime
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2020-10-06 14:15:12
(4 years ago)
Updated Date
2024-02-21 21:08:54
(7 months ago)

Affected Products


Configuration #1

  Product                                      CPE23                             From  Up To
  Redhat Wildfly Openssl prior 1.1.3 version   cpe:2.3:a:redhat:wildfly_openssl        < 1.1.3

Configuration #2

  Product                                              CPE23                                                            From  Up To
  Redhat Data Grid 8.0                                 cpe:2.3:a:redhat:data_grid:8.0
  Redhat Jboss Data Grid 7.0.0                         cpe:2.3:a:redhat:jboss_data_grid:7.0.0
  Redhat Jboss Enterprise Application Platform 7.0.0   cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0
  Redhat Jboss Fuse 7.0.0                              cpe:2.3:a:redhat:jboss_fuse:7.0.0
  Redhat Openshift Application Runtimes                cpe:2.3:a:redhat:openshift_application_runtimes:-
  Redhat Single Sign-on 7.0                            cpe:2.3:a:redhat:single_sign-on:7.0

Configuration #3

  Product                                CPE23                                                From  Up To
  Netapp Oncommand Insight               cpe:2.3:a:netapp:oncommand_insight:-
  Netapp Oncommand Workflow Automation   cpe:2.3:a:netapp:oncommand_workflow_automation:-
  Netapp Service Level Manager           cpe:2.3:a:netapp:service_level_manager:-