Vulnerability Name: | CVE-2020-25644 (CCN-189416)
Assigned: | 2020-10-06
Published: | 2020-10-06
Updated: | 2022-11-07
Summary: | A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Vulnerability Type: | CWE-401
Vulnerability Consequences: | Denial of Service
References: | Source: MITRE Type: CNA CVE-2020-25644
Source: CCN Type: Red Hat Bugzilla - Bug 1885485 (CVE-2020-25644) - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL
Source: MISC Type: Issue Tracking, Patch, Vendor Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1885485
Source: XF Type: UNKNOWN wildfly-cve202025644-dos(189416)
Source: CCN Type: wildfly-openssl GIT Repository wildfly-openssl
Source: MISC Type: Patch, Third Party Advisory https://github.com/wildfly-security/wildfly-openssl-natives/pull/4/files
Source: MISC Type: Permissions Required, Vendor Advisory https://issues.redhat.com/browse/WFSSL-51
Source: CONFIRM Type: Third Party Advisory https://security.netapp.com/advisory/ntap-20201016-0004/