PT-2020-5262 · Red Hat · Wildfly Openssl

Stuart Douglas · Published 2020-10-06 · Updated 2024-02-21 · CVE-2020-25644

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

WildFly OpenSSL versions prior to 1.1.3.Final

Description

A memory leak flaw was found in WildFly OpenSSL, where it removes an HTTP session, potentially allowing an attacker to cause an out-of-memory (OOM) condition leading to a denial of service. The highest threat from this issue is to system availability. Exploitation of this flaw may also allow a remote attacker to cause a denial of service or gain full access to the system.

Recommendations

For versions prior to 1.1.3.Final, update to version 1.1.3.Final or later to resolve the issue. As a temporary workaround, consider restricting access to system resources to minimize the risk of exploitation.

Fix

DoS

Memory Leak

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2020-05896
CVE-2020-25644
GHSA-HXJ4-885F-GRGP
RHSA-2020:4256
RHSA-2020:4922
RHSA-2020:5340
RHSA-2020:5341
RHSA-2020:5342
RHSA-2025:9582

Affected Products

Wildfly Openssl