{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-25644", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-04T15:40:36.576Z", "dateReserved": "2020-09-16T00:00:00", "datePublished": "2020-10-06T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-10-07T00:00:00"}, "descriptions": [{"lang": "en", "value": "A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability."}], "affected": [{"vendor": "n/a", "product": "wildfly-openssl", "versions": [{"version": "before wildfly-openssl 1.1.3.Final", "status": "affected"}]}], "references": [{"url": "https://issues.redhat.com/browse/WFSSL-51"}, {"url": "https://github.com/wildfly-security/wildfly-openssl-natives/pull/4/files"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485"}, {"url": "https://security.netapp.com/advisory/ntap-20201016-0004/"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-401", "cweId": "CWE-401"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:40:36.576Z"}, "title": "CVE Program Container", "references": [{"url": "https://issues.redhat.com/browse/WFSSL-51", "tags": ["x_transferred"]}, {"url": "https://github.com/wildfly-security/wildfly-openssl-natives/pull/4/files", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20201016-0004/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:wildfly_openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "290F30D1-B0BF-42C3-B5EC-09746D88C2C6", "versionEndExcluding": "1.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "7095200A-4DAC-4433-99E8-86CA88E1E4D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD354E32-A8B0-484C-B4C6-9FBCD3430D2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "72A54BDA-311C-413B-8E4D-388AD65A170A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B40CCE4F-EA2C-453D-BB76-6388767E5C6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*", "matchCriteriaId": "A33441B3-B301-426C-A976-08CE5FE72EFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "7081652A-D28B-494E-94EF-CA88117F23EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo de p\u00e9rdida de memoria en WildFly OpenSSL en versiones anteriores a 1.1.3.Final, donde se elimina una sesi\u00f3n HTTP. Puede permitir a un atacante causar OOM conllevando a una denegaci\u00f3n de servicio. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema"}], "id": "CVE-2020-25644", "lastModified": "2024-02-21T21:08:54.470", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-06T14:15:12.760", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/wildfly-security/wildfly-openssl-natives/pull/4/files"}, {"source": "secalert@redhat.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://issues.redhat.com/browse/WFSSL-51"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20201016-0004/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-401"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2020:4923", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3", "package": "wildfly-openssl", "product_name": "EAP 7.3.3", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:5410", "cpe": "cpe:/a:redhat:jboss_data_grid:7.3", "package": "wildfly-openssl", "product_name": "Red Hat Data Grid 7.3.8", "release_date": "2020-12-14T00:00:00Z"}, {"advisory": "RHSA-2021:0433", "cpe": "cpe:/a:redhat:jboss_data_grid:8", "impact": "moderate", "package": "wildfly-openssl", "product_name": "Red Hat Data Grid 8.1.1", "release_date": "2021-02-08T00:00:00Z"}, {"advisory": "RHSA-2021:3140", "cpe": "cpe:/a:redhat:jboss_fuse:7", "impact": "low", "package": "wildfly-openssl", "product_name": "Red Hat Fuse 7.9", "release_date": "2021-08-11T00:00:00Z"}, {"advisory": "RHSA-2020:4257", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3", "package": "wildfly-openssl", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1.0", "release_date": "2020-10-14T00:00:00Z"}, {"advisory": "RHSA-2020:5344", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1.0", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:4256", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-wildfly-openssl-linux-x86_64-0:1.0.11-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-10-14T00:00:00Z"}, {"advisory": "RHSA-2020:4922", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-wildfly-openssl-linux-x86_64-0:1.0.12-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:5340", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5340", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5340", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5340", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5340", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5340", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5340", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5340", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5340", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5340", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5340", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5340", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5340", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5340", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5340", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5340", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5340", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5340", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5340", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5340", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:4256", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-wildfly-openssl-linux-x86_64-0:1.0.11-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-10-14T00:00:00Z"}, {"advisory": "RHSA-2020:4922", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-wildfly-openssl-linux-x86_64-0:1.0.12-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:5341", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5341", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5341", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5341", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5341", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5341", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5341", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5341", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5341", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5341", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5341", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5341", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5341", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5341", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5341", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5341", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5341", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5341", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5341", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5341", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:4256", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-wildfly-openssl-linux-x86_64-0:1.0.11-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-10-14T00:00:00Z"}, {"advisory": "RHSA-2020:4922", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-wildfly-openssl-linux-x86_64-0:1.0.12-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:5342", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5342", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5342", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5342", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5342", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5342", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5342", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5342", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5342", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5342", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5342", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5342", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5342", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5342", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5342", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5342", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5342", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5342", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5342", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:5342", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-12-03T00:00:00Z"}, {"advisory": "RHSA-2020:4978", "cpe": "cpe:/a:redhat:jboss_single_sign_on:7.4", "package": "wildfly-openssl", "product_name": "Red Hat Single Sign-On 7.4.3 one-off", "release_date": "2020-11-09T00:00:00Z"}], "bugzilla": {"description": "wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL", "id": "1885485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885485"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-401", "details": ["A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.", "A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability."], "mitigation": {"lang": "en:us", "value": "There is currently no known mitigation for this issue."}, "name": "CVE-2020-25644", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "wildfly-openssl", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Affected", "package_name": "wildfly-openssl", "product_name": "Red Hat OpenShift Application Runtimes"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "wildfly-openssl", "product_name": "Red Hat Process Automation 7"}], "public_date": "2020-09-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-25644\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25644"], "threat_severity": "Important", "upstream_fix": "wildfly-openssl 1.1.3.Final"}