PT-2020-16159 · Red Hat · Wildfly

Published: 2020-10-30 · Updated: 2024-03-06 · CVE-2020-25689

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: WildFly versions up to 21.0.0.Final

Description: A memory leak flaw was found in WildFly. While the host-controller is unable to reach the domain-controller, it tries to reconnect in a loop, and each attempt creates a new connection that is never properly closed. This allows an attacker to cause an out-of-memory (OOM) condition, leading to a denial of service. The highest threat from this issue is to system availability.

Recommendations: For versions up to 21.0.0.Final, update to a version later than 21.0.0.Final to resolve the issue. As a temporary workaround, consider restricting the host-controller's ability to reconnect in a loop to reduce the risk of exploitation.
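To make the failure mode concrete, the following is an added illustration and not WildFly's own code: a constructed stand-in for a host-controller reconnect loop in its leaking form (each failed attempt allocates a connection that is never released) beside the bounded form the workaround points at (close on failure, cap the attempts, back off between tries). The helper names and the loopback target are assumptions for the demonstration.

```python
import socket
import time

# Constructed stand-in for a host-controller reconnecting to a domain-controller.
# Not WildFly code; it models the resource pattern described in the advisory.


def _free_port():
    """Reserve a localhost port, then release it so connects to it are refused."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def reconnect_leaky(port, attempts):
    """Leaking pattern: every failed attempt allocates a socket that is never closed."""
    leaked = []
    for _ in range(attempts):
        sock = socket.socket()          # new connection object on each iteration
        sock.settimeout(0.5)
        try:
            sock.connect(("127.0.0.1", port))
            return sock, leaked
        except OSError:
            leaked.append(sock)         # failure path forgets to close it: the leak
    return None, leaked


def reconnect_bounded(port, max_attempts, base_delay=0.001):
    """Hardened pattern: close on failure, cap attempts, back off between tries."""
    for attempt in range(max_attempts):
        sock = socket.socket()
        sock.settimeout(0.5)
        try:
            sock.connect(("127.0.0.1", port))
            return sock, attempt + 1
        except OSError:
            sock.close()                # release the failed attempt's descriptor
            time.sleep(base_delay * (2 ** attempt))
    return None, max_attempts           # give up instead of looping forever


def leaked_descriptors(socks):
    """Count sockets still holding an OS file descriptor (fileno() is -1 once closed)."""
    return sum(1 for s in socks if s.fileno() >= 0)
```

Running the leaky variant against a refusing port leaves one open descriptor per attempt, which is the growth an OOM eventually follows; the bounded variant leaves none and stops after the cap.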

Exploit · Fix · DoS · Memory Leak · Resource Exhaustion


Weakness Enumeration

Related Identifiers

BIT-WILDFLY-2020-25689
CVE-2020-25689
GHSA-97HP-6Q9G-5CW2
RHSA-2021:0246
RHSA-2021:0247
RHSA-2021:0248

Affected Products

Wildfly