Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS05N2hwLTZxOWctNWN3Ms4AAmfJ

Uncontrolled Resource Consumption in WildFly

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.

Permalink: https://github.com/advisories/GHSA-97hp-6q9g-5cw2
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05N2hwLTZxOWctNWN3Ms4AAmfJ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago


CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Percentage: 0.00066
EPSS Percentile: 0.30507

Identifiers: GHSA-97hp-6q9g-5cw2, CVE-2020-25689
References: Blast Radius: 16.8

Affected Packages

maven:org.wildfly:wildfly-dist
Dependent packages: 37
Dependent repositories: 390
Downloads:
Affected Version Ranges: <= 21.0.0
Fixed in: 21.0.1
All affected versions:
All unaffected versions: