CVE-2020-25689

CWE-401 — Memory Leak CWE-400 — Uncontrolled Resource Consumption6 documents6 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 53.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

7

Redhat Wildfly RED HAT Wildfly-core Redhat Fuse +4 more

Timeline

PublishedNov 2

Latest updateMay 24

Description

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages8 packages

▶Mavenorg.wildfly:wildfly-dist< 21.0.1

▶NVDredhat/wildfly21.0.0

▶CVEListV5red_hat/wildfly-coreup to 21.0.0.Final

▶NVDredhat/fuse6.0.0

▶NVDredhat/jboss_fuse7.0.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

3

GHSA

Uncontrolled Resource Consumption in WildFly↗2022-05-24

▶

OSV

Uncontrolled Resource Consumption in WildFly↗2022-05-24

▶

CVEList

CVE-2020-25689: A memory leak flaw was found in WildFly in all versions up to 21↗2020-10-30

▶

📋Vendor Advisories

1

Red Hat

wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller↗2020-10-30

▶

💬Community

1

Bugzilla

CVE-2020-25689 wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller↗2020-10-30

▶