A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1885485 | Issue Tracking Patch Vendor Advisory |
https://issues.redhat.com/browse/WFSSL-51 | Permissions Required Vendor Advisory |
https://github.com/wildfly-security/wildfly-openssl-natives/pull/4/files | Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20201016-0004/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2020-10-06 07:15
Updated : 2022-11-07 11:54
NVD link : CVE-2020-25644
Mitre link : CVE-2020-25644
JSON object : View
CWE
CWE-401
Missing Release of Memory after Effective Lifetime
Products Affected
redhat
- jboss_data_grid
- jboss_enterprise_application_platform
- data_grid
- single_sign-on
- jboss_fuse
- wildfly_openssl
- openshift_application_runtimes
netapp
- service_level_manager
- oncommand_insight
- oncommand_workflow_automation