CVE-2020-25689
published 2020-11-02CVE-2020-25689: A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| red_hat | wildfly-core | — | — |
| redhat | fuse | — | — |
| redhat | jboss_data_grid | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | jboss_fuse | — | — |
| redhat | single_sign-on | — | — |
| redhat | wildfly | <= 21.0.0 | — |