PT-2020-6403 · Xnio · Xnio

Published

2020-07-17

Updated

2022-07-25

CVE-2020-14340

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions XNIO versions 3.6.0.Beta1 through 3.8.1.Final

Description A file descriptor leak in XNIO, caused by growing amounts of NIO Selector file handles between garbage collection cycles, may allow an attacker to cause a denial of service. This issue is related to the structure of input-output operations in XNIO and can be exploited by a remote attacker.

Recommendations For XNIO versions 3.6.0.Beta1 through 3.8.1.Final, update to a version that includes a fix for the file descriptor leak issue to prevent potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

BDU:2021-04623

CVE-2020-14340

GHSA-C738-77X8-WMQ5

RHSA-2020:4244

RHSA-2020:4245

RHSA-2020:4246

Affected Products

Xnio

PT-2020-6403 · Xnio · Xnio

CVE-2020-14340

Weakness Enumeration

Related Identifiers

Affected Products

References · 16