CVE-2020-14340

A vulnerability was discovered in XNIO in which a file descriptor leak is caused by growing numbers of NIO Selector file handles between garbage collection cycles. It may allow an attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.

Configurations

Configuration 1

OR cpe:2.3:a:redhat:xnio:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:xnio:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:xnio:3.6.0:beta1:*:*:*:*:*:*
cpe:2.3:a:redhat:xnio:3.6.0:beta2:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:a:redhat:jboss_brms:5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_brms:6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_data_grid:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:-:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_soa_platform:5:*:*:*:*:*:*:*

Configuration 3

OR cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*

History

21 Nov 2024, 05:03

Type: References
Values Removed: () https://bugzilla.redhat.com/show_bug.cgi?id=1860218 - Issue Tracking, Vendor Advisory
Values Added: () https://bugzilla.redhat.com/show_bug.cgi?id=1860218 - Issue Tracking, Vendor Advisory

Type: References
Values Removed: () https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory
Values Added: () https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory

Type: References
Values Removed: () https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory
Values Added: () https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory

12 May 2022, 14:06

Type: CPE
Values Removed: (none)
Values Added:
cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*

Type: References
Values Removed: (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -
Values Added: (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory

20 Apr 2022, 00:15

Type: References
Values Removed: (none)
Values Added: (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

31 Mar 2022, 18:15

Type: References
Values Removed: (MISC) https://www.oracle.com/security-alerts/cpujan2022.html -
Values Added: (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory

Type: CPE
Values Removed: (none)
Values Added:
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*

Type: CWE
Values Removed: CWE-400
Values Added: NVD-CWE-Other

07 Feb 2022, 16:15

Type: References
Values Removed: (none)
Values Added: (MISC) https://www.oracle.com/security-alerts/cpujan2022.html -

14 Jun 2021, 16:40

Type: CVSS
Values Removed: v2 : 5.0, v3 : 7.5
Values Added: v2 : 4.3, v3 : 5.9

10 Jun 2021, 17:05

Type: CPE
Values Removed: (none)
Values Added:
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_brms:6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_brms:5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_data_grid:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:xnio:3.6.0:beta1:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:-:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_soa_platform:5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:xnio:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:xnio:3.6.0:beta2:*:*:*:*:*:*

Type: CVSS
Values Removed: v2 : unknown, v3 : unknown
Values Added: v2 : 5.0, v3 : 7.5

Type: CWE
Values Removed: (none)
Values Added: CWE-400

Type: References
Values Removed: (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1860218 -
Values Added: (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1860218 - Issue Tracking, Vendor Advisory

02 Jun 2021, 13:36

Type Values Removed Values Added
New CVE

Information

Published : 2021-06-02 13:15

Updated : 2024-11-21 05:03


NVD link : CVE-2020-14340

Mitre link : CVE-2020-14340

CVE.ORG link : CVE-2020-14340


Products Affected

redhat

  • jboss_data_virtualization
  • jboss_enterprise_application_platform
  • jboss_soa_platform
  • jboss_fuse
  • jboss_brms
  • jboss_operations_network
  • xnio
  • jboss_data_grid

oracle

  • communications_cloud_native_core_network_repository_function
  • communications_cloud_native_core_service_communication_proxy
  • communications_cloud_native_core_console
  • communications_cloud_native_core_policy
  • communications_cloud_native_core_unified_data_repository
  • communications_cloud_native_core_security_edge_protection_proxy

CWE

CWE-400

Uncontrolled Resource Consumption

NVD-CWE-Other