CVE-2020-25689

CVSS v3.1 6.5 (Medium)
CVSS v2.0 6.8 (Medium)
EPSS 0.07 % (30th)
Affected Products 10
Advisories 1

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final: when the host controller is not able to connect to the domain controller, it tries to reconnect in a loop, generating new connections that are not properly closed. This flaw allows an attacker to cause an out-of-memory (OOM) condition, leading to a denial of service. The highest threat from this vulnerability is to system availability.

Weaknesses
CWE-401
Missing Release of Memory after Effective Lifetime
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2020-11-02 21:15:27
(3 years ago)
Updated Date
2023-02-12 23:40:41
(19 months ago)

Affected Products


Configuration #1

    CPE23 From Up To
  Redhat Wildfly 21.0.0 and prior versions cpe:2.3:a:redhat:wildfly <= 21.0.0

Configuration #2

    CPE23 From Up To
  Redhat Fuse 6.0.0 cpe:2.3:a:redhat:fuse:6.0.0
  Redhat Jboss Data Grid 7.0.0 cpe:2.3:a:redhat:jboss_data_grid:7.0.0
  Redhat Jboss Enterprise Application Platform 7.0.0 cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0
  Redhat Jboss Fuse 7.0.0 cpe:2.3:a:redhat:jboss_fuse:7.0.0
  Redhat Openshift Application Runtimes cpe:2.3:a:redhat:openshift_application_runtimes:-
  Redhat Single Sign-on 7.0 cpe:2.3:a:redhat:single_sign-on:7.0

Configuration #3

    CPE23 From Up To
  Netapp Active Iq Unified Manager for Linux cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux
  Netapp Active Iq Unified Manager for Vmware Vsphere cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere
  Netapp Active Iq Unified Manager for Windows cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows
  Netapp Oncommand Insight cpe:2.3:a:netapp:oncommand_insight:-
  Netapp Service Level Manager cpe:2.3:a:netapp:service_level_manager:-