Vulnerabilities > CVE-2020-25644 - Memory Leak vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

redhat

netapp

CWE-401

NVD

Published: 2020-10-06

Updated: 2024-02-21

Summary

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Wildfly Openssl - Redhat Jboss Enterprise Application Platform 7.0.0 Redhat Single Sign ON 7.0 Redhat Jboss Fuse 7.0.0 Redhat Jboss Data Grid 7.0.0 Redhat Openshift Application Runtimes - Redhat Data Grid 8.0	7
Application	Netapp Netapp Oncommand Workflow Automation - Netapp Oncommand Insight - Netapp Service Level Manager -	3

Common Weakness Enumeration (CWE)

CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References