vulnerability
Red Hat JBoss EAP: CVE-2020-25644: Missing Release of Memory after Effective Lifetime
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Sep 22, 2020 | Sep 19, 2024 | Jul 2, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Sep 22, 2020
Added
Sep 19, 2024
Modified
Jul 2, 2025
Description
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.. A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-401
- CVE-2020-25644
- https://attackerkb.com/topics/CVE-2020-25644
- URL-https://access.redhat.com/security/cve/CVE-2020-25644
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=1885485
- URL-https://access.redhat.com/errata/RHSA-2020:4256
- URL-https://access.redhat.com/errata/RHSA-2020:4257
- URL-https://access.redhat.com/errata/RHSA-2020:4922
- URL-https://access.redhat.com/errata/RHSA-2020:4923
- URL-https://access.redhat.com/errata/RHSA-2020:5340
- URL-https://access.redhat.com/errata/RHSA-2020:5341
- URL-https://access.redhat.com/errata/RHSA-2020:5342
- URL-https://access.redhat.com/errata/RHSA-2020:5344
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.