CVE-2020-25644: Missing Release of Memory after Effective Lifetime
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final: memory allocated for an HTTP session is not released when that session is removed. Because the leaked memory accumulates with every removed session, an attacker may be able to drive the server process into an out-of-memory (OOM) condition, leading to a denial of service. The highest threat from this vulnerability is to system availability. The fix ships in 1.1.3.Final (see the wildfly-openssl-natives pull request in the references).
References
- bugzilla.redhat.com/show_bug.cgi?id=1885485
- github.com/advisories/GHSA-hxj4-885f-grgp
- github.com/wildfly-security/wildfly-openssl-natives/pull/4/commits/7c26514676f3fb0dee0bcaa7d4680f982372950f
- github.com/wildfly-security/wildfly-openssl-natives/pull/4/files
- issues.redhat.com/browse/WFSSL-51
- nvd.nist.gov/vuln/detail/CVE-2020-25644
- security.netapp.com/advisory/ntap-20201016-0004/
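The practical question for this advisory is whether a build pulls in an affected WildFly OpenSSL release. The following is an added example, not code from the advisory or from the WildFly project: a small checker that parses a Maven pom.xml, finds declared dependencies on the WildFly OpenSSL artifact and compares their versions against the fixed release using a comparison that understands WildFly-style qualifiers (Alpha, Beta, CR, SNAPSHOT, Final), so that 1.1.3.Beta1 is still flagged while 1.1.3.Final is not. The Maven coordinates org.wildfly.openssl:wildfly-openssl are assumed here, and the sample pom is constructed for the example.

```python
"""Flag Maven dependencies on WildFly OpenSSL in the range affected by CVE-2020-25644.

Added example (not from the advisory or the WildFly project). The affected
range is taken from the advisory text: versions prior to 1.1.3.Final.
"""
import re
import xml.etree.ElementTree as ET

# Assumed Maven coordinates of the WildFly OpenSSL Java artifact.
VULN_GROUP = "org.wildfly.openssl"
VULN_ARTIFACT = "wildfly-openssl"
FIXED_VERSION = "1.1.3.Final"

# Constructed sample pom.xml for the example: one affected dependency and one
# unrelated one. A real scan would also need transitive dependencies
# (e.g. the output of `mvn dependency:tree`), which a pom alone does not show.
SAMPLE_POM = """<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId>
  <artifactId>app</artifactId>
  <version>1.0</version>
  <dependencies>
    <dependency>
      <groupId>org.wildfly.openssl</groupId>
      <artifactId>wildfly-openssl</artifactId>
      <version>1.1.2.Final</version>
    </dependency>
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId>
      <version>1.7.30</version>
    </dependency>
  </dependencies>
</project>
"""


def _qualifier_rank(qualifier):
    """Rank a version qualifier so pre-releases sort below the release.

    Unknown qualifiers are treated as pre-release so they never mask an
    affected version; SNAPSHOT anywhere in the qualifier is a pre-release.
    """
    q = qualifier.upper()
    if "SNAPSHOT" in q:
        return 3
    for prefix, rank in (("ALPHA", 0), ("BETA", 1), ("CR", 2), ("FINAL", 5), ("GA", 5)):
        if q.startswith(prefix):
            return rank
    return 4


def parse_version(version):
    """Turn '1.1.2.Final' / '1.1.3.Beta1' / '1.1.3-SNAPSHOT' into a comparable tuple.

    Returns (numeric_components, qualifier_rank). A missing qualifier is
    treated as a release. Numeric parts are padded to three components so
    '1.1' compares equal to '1.1.0'.
    """
    m = re.match(r"^(\d+(?:\.\d+)*)(?:[.-](.*))?$", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    if len(nums) < 3:
        nums = nums + (0,) * (3 - len(nums))
    return nums, _qualifier_rank(m.group(2) or "Final")


def is_vulnerable(version):
    """True if the WildFly OpenSSL version is strictly older than the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def find_vulnerable_deps(pom_xml):
    """Return [(groupId, artifactId, version)] for declared dependencies in the affected range.

    Only literal versions are evaluated; a version such as '${wildfly.openssl.version}'
    would need property resolution first and is reported separately.
    """
    root = ET.fromstring(pom_xml)
    # Maven poms normally carry the POM namespace; derive it from the root tag.
    ns = root.tag[: root.tag.index("}") + 1] if root.tag.startswith("{") else ""
    hits = []
    for dep in root.iter(f"{ns}dependency"):
        group = dep.findtext(f"{ns}groupId")
        artifact = dep.findtext(f"{ns}artifactId")
        version = dep.findtext(f"{ns}version")
        if group != VULN_GROUP or artifact != VULN_ARTIFACT or not version:
            continue
        if version.startswith("${"):
            print(f"unresolved version property for {group}:{artifact}: {version}")
            continue
        if is_vulnerable(version):
            hits.append((group, artifact, version))
    return hits


if __name__ == "__main__":
    for group, artifact, version in find_vulnerable_deps(SAMPLE_POM):
        print(f"CVE-2020-25644: {group}:{artifact}:{version} is affected; upgrade to {FIXED_VERSION}")
```

Run it against a real pom after resolving properties, and remember that the pom only lists direct dependencies: WildFly OpenSSL reaching the classpath transitively (for example through an application server distribution) is exactly the case a plain pom scan misses.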