vulnerability
Red Hat JBoss EAP: CVE-2020-25689: Missing Release of Memory after Effective Lifetime
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:N/I:N/A:C) | Oct 30, 2020 | Sep 19, 2024 | Mar 25, 2026 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Published
Oct 30, 2020
Added
Sep 19, 2024
Modified
Mar 25, 2026
Description
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.. A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where the host-controller tries to reconnect in a loop, generating new connections that are not properly closed while unable to connect to the domain controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-401
- CVE-2020-25689
- https://attackerkb.com/topics/CVE-2020-25689
- https://access.redhat.com/security/cve/CVE-2020-25689
- https://bugzilla.redhat.com/show_bug.cgi?id=1893070
- https://access.redhat.com/errata/RHSA-2021:0246
- https://access.redhat.com/errata/RHSA-2021:0247
- https://access.redhat.com/errata/RHSA-2021:0248
- https://access.redhat.com/errata/RHSA-2021:0250
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-3316
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.