A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.
2020-11-02T21:15:27.647
2024-11-21T05:18:28.603
Modified
CVSSv3.1: 5.3 (MEDIUM)
AV:N/AC:L/Au:S/C:N/I:N/A:C
8.0
6.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | redhat | wildfly | ≤ 21.0.0 | Yes |
| Application | redhat | fuse | 6.0.0 | Yes |
| Application | redhat | jboss_data_grid | 7.0.0 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 7.0.0 | Yes |
| Application | redhat | jboss_fuse | 7.0.0 | Yes |
| Application | redhat | openshift_application_runtimes | - | Yes |
| Application | redhat | single_sign-on | 7.0 | Yes |
| Application | netapp | active_iq_unified_manager | - | Yes |
| Application | netapp | active_iq_unified_manager | - | Yes |
| Application | netapp | active_iq_unified_manager | - | Yes |
| Application | netapp | oncommand_insight | - | Yes |
| Application | netapp | service_level_manager | - | Yes |