GoogleOSV:GHSA-HXJ4-885F-GRGPWildfly-OpenSSL memory leak flaw
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
58.6%
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.
References
bugzilla.redhat.com/show_bug.cgi?id=1885485
github.com/wildfly-security/wildfly-openssl-natives
github.com/wildfly-security/wildfly-openssl-natives/commit/7c26514676f3fb0dee0bcaa7d4680f982372950f
github.com/wildfly-security/wildfly-openssl-natives/pull/4
github.com/wildfly-security/wildfly-openssl-natives/pull/4/files
issues.redhat.com/browse/WFSSL-51
nvd.nist.gov/vuln/detail/CVE-2020-25644
security.netapp.com/advisory/ntap-20201016-0004
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
58.6%