CVE-2020-25689

2020-11-0221:15:27

Google

osv.dev

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.1%

JSON

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.

CPENameOperatorVersion
wildflyeq8.0.0.CR1
wildflyeq10.0.0.Alpha4
wildflyeq17.0.0.Alpha1
wildflyeq10.0.0.Final
wildflyeq7.0.0.Final
wildflyeq7.1.0.Final-prerelease2
wildflyeq8.0.0.Alpha2
wildflyeq14.0.0.Beta1
wildflyeq7.0.0.Beta2-prerelease
wildflyeq17.0.0.Beta1

Name	Operator	Version
wildfly	eq	8.0.0.CR1
wildfly	eq	10.0.0.Alpha4
wildfly	eq	17.0.0.Alpha1
wildfly	eq	10.0.0.Final
wildfly	eq	7.0.0.Final
wildfly	eq	7.1.0.Final-prerelease2
wildfly	eq	8.0.0.Alpha2
wildfly	eq	14.0.0.Beta1
wildfly	eq	7.0.0.Beta2-prerelease
wildfly	eq	17.0.0.Beta1