Memory Leak Vulnerability in WildFly by Red Hat
CVE-2020-25689
5.3 MEDIUM
Summary
A memory leak exists in WildFly, affecting all versions up to 21.0.0.Final. When the host-controller attempts to reconnect to the domain-controller, it enters a loop that creates new connections without closing the previously established ones. The leaked connections can exhaust memory, causing an Out of Memory (OOM) condition and a denial of service. The impact is on availability: the resulting service interruptions affect users and applications that rely on the WildFly server.
Affected Version(s)
wildfly-core up to 21.0.0.Final
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved