A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25689 | Exploit Issue Tracking Patch Vendor Advisory |
https://security.netapp.com/advisory/ntap-20201123-0006/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
19 Oct 2021, 12:06
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20201123-0006/ - Third Party Advisory | |
CPE | cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* |
|
CWE | CWE-401 |
Information
Published : 2020-11-02 21:15
Updated : 2024-02-04 21:23
NVD link : CVE-2020-25689
Mitre link : CVE-2020-25689
CVE.ORG link : CVE-2020-25689
JSON object : View
Products Affected
redhat
- wildfly
- openshift_application_runtimes
- single_sign-on
- jboss_data_grid
- jboss_enterprise_application_platform
- jboss_fuse
- fuse
netapp
- active_iq_unified_manager
- oncommand_insight
- service_level_manager
CWE
CWE-401
Missing Release of Memory after Effective Lifetime