vulnerability
Red Hat JBoss EAP: CVE-2020-25689: Missing Release of Memory after Effective Lifetime
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:N/I:N/A:C) | Oct 30, 2020 | Sep 19, 2024 | Jul 9, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Published
Oct 30, 2020
Added
Sep 19, 2024
Modified
Jul 9, 2025
Description
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.. A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where the host-controller tries to reconnect in a loop, generating new connections that are not properly closed while unable to connect to the domain controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-401
- CVE-2020-25689
- https://attackerkb.com/topics/CVE-2020-25689
- URL-https://access.redhat.com/security/cve/CVE-2020-25689
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=1893070
- URL-https://access.redhat.com/errata/RHSA-2021:0246
- URL-https://access.redhat.com/errata/RHSA-2021:0247
- URL-https://access.redhat.com/errata/RHSA-2021:0248
- URL-https://access.redhat.com/errata/RHSA-2021:0250
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.