Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05N2hwLTZxOWctNWN3Ms4AAmfJ
Uncontrolled Resource Consumption in WildFly
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.
Permalink: https://github.com/advisories/GHSA-97hp-6q9g-5cw2JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05N2hwLTZxOWctNWN3Ms4AAmfJ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Percentage: 0.00066
EPSS Percentile: 0.30507
Identifiers: GHSA-97hp-6q9g-5cw2, CVE-2020-25689
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-25689
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25689
- https://security.netapp.com/advisory/ntap-20201123-0006/
- https://github.com/advisories/GHSA-97hp-6q9g-5cw2
Affected Packages
maven:org.wildfly:wildfly-dist
Dependent packages: 37Dependent repositories: 390
Downloads:
Affected Version Ranges: <= 21.0.0
Fixed in: 21.0.1
All affected versions:
All unaffected versions: