CVE-2020-25644

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:wildfly_openssl:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_data_grid:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*

Information

Published : 2020-10-06 07:15

Updated : 2022-11-07 11:54


NVD link : CVE-2020-25644

Mitre link : CVE-2020-25644


JSON object : View

CWE
CWE-401

Missing Release of Memory after Effective Lifetime

Advertisement

dedicated server usa

Products Affected

redhat

  • jboss_data_grid
  • jboss_enterprise_application_platform
  • data_grid
  • single_sign-on
  • jboss_fuse
  • wildfly_openssl
  • openshift_application_runtimes

netapp

  • service_level_manager
  • oncommand_insight
  • oncommand_workflow_automation