CVE-2020-27822

Published: Dec 8, 2020Modified: Nov 21, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability.

Affected (5)

Products: Redhat: Wildfly

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Redhat Wildfly	Version 19.0.0
Redhat Wildfly	Version 19.1.0
Redhat Wildfly	Version 20.0.0
Redhat Wildfly	Version 20.0.1
Redhat Wildfly	Version 21.0.0

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=1904060

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1904060

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.