CVE-2020-14326 — Uncontrolled Resource Consumption in Redhat Resteasy

CWE-400 — Uncontrolled Resource Consumption CWE-407 — Inefficient Algorithmic Complexity8 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 34.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Resteasy

Timeline

PublishedJun 2

Latest updateMar 18

Description

A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDredhat/resteasy4.2.0 — 4.5.6

▶CVEListV5redhat/resteasyRESTEasy 4.5.6.Final

🔴Vulnerability Details

OSV

RESTEasy 4.5.5.Final in hash flooding↗2022-03-18

▶

GHSA

RESTEasy 4.5.5.Final in hash flooding↗2022-03-18

▶

CVEList

CVE-2020-14326: A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes↗2021-06-02

▶

OSV

CVE-2020-14326: A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes↗2021-06-02

▶

📋Vendor Advisories

Red Hat

RESTEasy: Caching routes in RootNode may result in DoS↗2020-07-09

▶

Debian

CVE-2020-14326: resteasy - A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes....↗2020

▶

💬Community

Bugzilla

CVE-2020-14326 RESTEasy: Caching routes in RootNode may result in DoS↗2020-07-10

▶