7.5

CVE-2020-25644

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatWildfly Openssl Version < 1.1.3
RedhatData Grid Version8.0
RedhatJboss Data Grid Version7.0.0
RedhatJboss Fuse Version7.0.0
RedhatSingle Sign-on Version7.0
NetappOncommand Insight Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.18% 0.802
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://bugzilla.redhat.com/show_bug.cgi?id=1885485
Patch
Vendor Advisory
Issue Tracking
https://github.com/wildfly-security/wildfly-openssl-natives/pull/4/files
Patch
Third Party Advisory
https://issues.redhat.com/browse/WFSSL-51
Vendor Advisory
Permissions Required
https://security.netapp.com/advisory/ntap-20201016-0004/
Third Party Advisory