CVE-2020-25644 - Vulnerability Details

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00465.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

wildfly-openssl

affected

Version	Status	Constraints
`before wildfly-openssl 1.1.3.Final`	affected	—

Configuration 1 [-]

cpe:2.3:a:redhat:wildfly_openssl:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:data_grid:8.0:::::::*
	cpe:2.3:a:redhat:jboss_data_grid:7.0.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:::::::*
	cpe:2.3:a:redhat:jboss_fuse:7.0.0:::::::*
	cpe:2.3:a:redhat:openshift_application_runtimes:-:::::::*
	cpe:2.3:a:redhat:single_sign-on:7.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
	cpe:2.3:a:netapp:service_level_manager:-:::::::*

Package	CPE	Advisory	Released Date
EAP 7.3.3
wildfly-openssl-natives-parent	cpe:/a:redhat:jboss_enterprise_application_platform:7.3	RHSA-2020:4923	2020-11-04T00:00:00Z
Red Hat Data Grid 7.3.8
wildfly-openssl	cpe:/a:redhat:jboss_data_grid:7.3	RHSA-2020:5410	2020-12-14T00:00:00Z
Red Hat Data Grid 8.1.1
wildfly-openssl	cpe:/a:redhat:jboss_data_grid:8	RHSA-2021:0433	2021-02-08T00:00:00Z
Red Hat Fuse 7.9
wildfly-openssl	cpe:/a:redhat:jboss_fuse:7	RHSA-2021:3140	2021-08-11T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7
wildfly-openssl-natives-parent	cpe:/a:redhat:jboss_enterprise_application_platform:7.3	RHSA-2020:4257	2020-10-14T00:00:00Z
	cpe:/a:redhat:jboss_enterprise_application_platform:7.3	RHSA-2020:5344	2020-12-03T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
eap7-glassfish-el-0:3.0.1-4.b08_redhat_00005.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-hibernate-0:5.1.17-3.Final_redhat_00004.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-jackson-databind-0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-jboss-ejb-client-0:4.0.12-1.Final_redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-netty-0:4.1.63-2.Final_redhat_00003.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-undertow-0:1.4.18-16.SP14_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-0:7.1.11-4.GA_redhat_00002.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-elytron-0:1.1.14-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-http-client-0:1.0.21-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-naming-client-0:1.0.13-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
eap7-wildfly-openssl-linux-0:1.0.12-6.Final_redhat_00001.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2025:9582	2025-06-25T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6
eap7-wildfly-openssl-linux-x86_64-0:1.0.11-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:4256	2020-10-14T00:00:00Z
eap7-wildfly-openssl-linux-x86_64-0:1.0.12-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:4922	2020-11-04T00:00:00Z
eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2020:5340	2020-12-03T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7
eap7-wildfly-openssl-linux-x86_64-0:1.0.11-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:4256	2020-10-14T00:00:00Z
eap7-wildfly-openssl-linux-x86_64-0:1.0.12-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:4922	2020-11-04T00:00:00Z
eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2020:5341	2020-12-03T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8
eap7-wildfly-openssl-linux-x86_64-0:1.0.11-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:4256	2020-10-14T00:00:00Z
eap7-wildfly-openssl-linux-x86_64-0:1.0.12-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:4922	2020-11-04T00:00:00Z
eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2020:5342	2020-12-03T00:00:00Z
Red Hat Single Sign-On 7.4.3 one-off
wildfly-openssl	cpe:/a:redhat:jboss_single_sign_on:7.4	RHSA-2020:4978	2020-11-09T00:00:00Z

No data.

Project Subscriptions

Vendors	Products
Netapp Subscribe	Oncommand Insight Subscribe Oncommand Workflow Automation Subscribe Service Level Manager Subscribe
Redhat Subscribe	Data Grid Subscribe Jboss Data Grid Subscribe Jboss Enterprise Application Platform Subscribe Jboss Enterprise Application Platform Eus Subscribe Jboss Fuse Subscribe Jboss Single Sign On Subscribe Openshift Application Runtimes Subscribe Single Sign-on Subscribe Wildfly Openssl Subscribe

Advisories

Source	ID	Title
Github GHSA	GHSA-hxj4-885f-grgp	Wildfly-OpenSSL memory leak flaw

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=1885485
https://github.com/wildfly-security/wildfly-openssl-natives/pull/4/files
https://issues.redhat.com/browse/WFSSL-51
https://nvd.nist.gov/vuln/detail/CVE-2020-25644
https://security.netapp.com/advisory/ntap-20201016-0004/
https://www.cve.org/CVERecord?id=CVE-2020-25644

History

Wed, 25 Jun 2025 14:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat jboss Enterprise Application Platform Eus
CPEs		cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
Vendors & Products		Redhat jboss Enterprise Application Platform Eus

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-10-06T00:00:00

Updated: 2024-08-04T15:40:36.576Z

Reserved: 2020-09-16T00:00:00

Link: CVE-2020-25644

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-10-06T14:15:12.760

Modified: 2024-11-21T05:18:19.370

Link: CVE-2020-25644

Redhat

Severity : Important

Publid Date: 2020-09-22T00:00:00Z

Links: CVE-2020-25644 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-401

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object