redhat data-grid CVE-2020-25644 in Red Hat and NetApp Products
Published on October 6, 2020

product logo product logo
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.

NVD

Weakness Type

What is a Memory Leak Vulnerability?

The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions. In some languages, developers are responsible for tracking memory allocation and releasing the memory. If there are no more pointers or references to the memory, then it can no longer be tracked and identified for release.

CVE-2020-25644 has been classified to as a Memory Leak vulnerability or weakness.


Products Associated with CVE-2020-25644

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-25644 are published in these products:

Red Hat Data Grid
 
Red Hat Jboss Data Grid
 
Red Hat Jboss Enterprise Application Platform
 
Red Hat Jboss Fuse
 
Red Hat Openshift Application Runtimes
 
Red Hat Single Sign On
 
Red Hat Wildfly Openssl
 
NetApp Oncommand Insight
 
NetApp Oncommand Workflow Automation
 
NetApp Service Level Manager
 

Exploit Probability

EPSS
0.46%
Percentile
63.90%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.