CVE-2020-25644 - Vulnerability Details

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00597.

Key SSVC decision points have not yet been added.

Vendors	Products
Netapp	Oncommand Insight Oncommand Workflow Automation Service Level Manager
Redhat	Data Grid Jboss Data Grid Jboss Enterprise Application Platform Jboss Enterprise Application Platform Eus Jboss Fuse Jboss Single Sign On Openshift Application Runtimes Single Sign-on Wildfly Openssl

Configuration 1 [-]

cpe:2.3:a:redhat:wildfly_openssl:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:data_grid:8.0:::::::*
	cpe:2.3:a:redhat:jboss_data_grid:7.0.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:::::::*
	cpe:2.3:a:redhat:jboss_fuse:7.0.0:::::::*
	cpe:2.3:a:redhat:openshift_application_runtimes:-:::::::*
	cpe:2.3:a:redhat:single_sign-on:7.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
	cpe:2.3:a:netapp:service_level_manager:-:::::::*

Package	CPE	Advisory	Released Date
EAP 7.3.3
wildfly-openssl-natives-parent	cpe:/a:redhat:jboss_enterprise_application_platform:7.3	RHSA-2020:4923	2020-11-04T00:00:00Z
Red Hat Data Grid 7.3.8
wildfly-openssl	cpe:/a:redhat:jboss_data_grid:7.3	RHSA-2020:5410	2020-12-14T00:00:00Z
Red Hat Data Grid 8.1.1
wildfly-openssl	cpe:/a:redhat:jboss_data_grid:8	RHSA-2021:0433	2021-02-08T00:00:00Z
Red Hat Fuse 7.9
wildfly-openssl	cpe:/a:redhat:jboss_fuse:7	RHSA-2021:3140	2021-08-11T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7
wildfly-openssl-natives-parent	cpe:/a:redhat:jboss_enterprise_application_platform:7.3	RHSA-2020:4257	2020-10-14T00:00:00Z
	cpe:/a:redhat:jboss_enterprise_application_platform:7.3	RHSA-2020:5344	2020-12-03T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6
eap7-wildfly-openssl-linux-x86_64-0:1.0.11-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:4256	2020-10-14T00:00:00Z
eap7-wildfly-openssl-linux-x86_64-0:1.0.12-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:4922	2020-11-04T00:00:00Z
eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7
eap7-wildfly-openssl-linux-x86_64-0:1.0.11-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:4256	2020-10-14T00:00:00Z
eap7-wildfly-openssl-linux-x86_64-0:1.0.12-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:4922	2020-11-04T00:00:00Z
eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8
eap7-wildfly-openssl-linux-x86_64-0:1.0.11-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:4256	2020-10-14T00:00:00Z
eap7-wildfly-openssl-linux-x86_64-0:1.0.12-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:4922	2020-11-04T00:00:00Z
eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
Red Hat Single Sign-On 7.4.3 one-off
wildfly-openssl	cpe:/a:redhat:jboss_single_sign_on:7.4	RHSA-2020:4978	2020-11-09T00:00:00Z

No data.

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=1885485
https://github.com/wildfly-security/wildfly-openssl-natives/pull/4/files
https://issues.redhat.com/browse/WFSSL-51
https://nvd.nist.gov/vuln/detail/CVE-2020-25644
https://security.netapp.com/advisory/ntap-20201016-0004/
https://www.cve.org/CVERecord?id=CVE-2020-25644

History

Wed, 25 Jun 2025 14:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat jboss Enterprise Application Platform Eus
CPEs		cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
Vendors & Products		Redhat jboss Enterprise Application Platform Eus

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-10-06T00:00:00

Updated: 2024-08-04T15:40:36.576Z

Reserved: 2020-09-16T00:00:00

Link: CVE-2020-25644

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-10-06T14:15:12.760

Modified: 2024-11-21T05:18:19.370

Link: CVE-2020-25644

Redhat

Severity : Important

Publid Date: 2020-09-22T00:00:00Z

Links: CVE-2020-25644 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object