Vulnerability Details CVE-2020-25644
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1885485
- https://github.com/wildfly-security/wildfly-openssl-natives/pull/4/files
- https://issues.redhat.com/browse/WFSSL-51
- https://security.netapp.com/advisory/ntap-20201016-0004/
- https://bugzilla.redhat.com/show_bug.cgi?id=1885485
- https://github.com/wildfly-security/wildfly-openssl-natives/pull/4/files
- https://issues.redhat.com/browse/WFSSL-51
- https://security.netapp.com/advisory/ntap-20201016-0004/
Products affected by CVE-2020-25644
-
cpe:2.3:a:netapp:oncommand_insight:-
-
cpe:2.3:a:netapp:oncommand_workflow_automation:-
-
cpe:2.3:a:netapp:service_level_manager:-
-
cpe:2.3:a:redhat:data_grid:8.0
-
cpe:2.3:a:redhat:jboss_data_grid:7.0.0
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0
-
cpe:2.3:a:redhat:jboss_fuse:7.0.0
-
cpe:2.3:a:redhat:openshift_application_runtimes:-
-
cpe:2.3:a:redhat:single_sign-on:7.0
-
cpe:2.3:a:redhat:wildfly_openssl:-