redhat fuse CVE-2020-25689 in Red Hat and NetApp Products
Published on November 2, 2020

product logo product logo
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.

NVD

Vulnerability Analysis

CVE-2020-25689 can be exploited with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Weakness Type

What is a Memory Leak Vulnerability?

The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions. In some languages, developers are responsible for tracking memory allocation and releasing the memory. If there are no more pointers or references to the memory, then it can no longer be tracked and identified for release.

CVE-2020-25689 has been classified to as a Memory Leak vulnerability or weakness.


Products Associated with CVE-2020-25689

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-25689 are published in these products:

Red Hat Fuse
 
Red Hat Jboss Data Grid
 
Red Hat Jboss Enterprise Application Platform
 
Red Hat Jboss Fuse
 
Red Hat Openshift Application Runtimes
 
Red Hat Single Sign On
 
Red Hat Wildfly
 
NetApp Active Iq Unified Manager
 
NetApp Oncommand Insight
 
NetApp Service Level Manager
 

Affected Versions

Red Hat wildfly-core Version up to 21.0.0.Final is affected by CVE-2020-25689

Exploit Probability

EPSS
0.24%
Percentile
46.55%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.