A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final: while the host-controller is unable to connect to the domain-controller, it tries to reconnect in a loop, generating new connections that are never properly closed. This flaw allows an attacker to cause an out-of-memory (OOM) condition, leading to a denial of service. The highest threat from this vulnerability is to system availability.

* Reference: https://issues.redhat.com/browse/WFCORE-5105
* Upstream patch: https://github.com/wildfly/wildfly-core/pull/4308
* Affected artifacts: wildfly-host-controller-VERSION.jar, wildfly-protocol-VERSION.jar, jboss-cli-client.jar
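The reconnect pattern behind this flaw, as an added illustration that is not WildFly's code: a leaky retry loop that drops each failed connection without closing it, beside a corrected loop that releases every failed attempt and spaces retries with a bounded backoff. The Connection class and its OPEN counter are a constructed stand-in for a real client connection that holds threads, buffers or channels until closed.

```java
import java.io.IOException;
import java.util.concurrent.atomic.AtomicInteger;

// Constructed model of the flaw pattern (not WildFly's code): a connection holds a
// resource from construction until close() is called; OPEN counts unreleased ones.
public class ReconnectLeakDemo {
    static final AtomicInteger OPEN = new AtomicInteger();

    static final class Connection implements AutoCloseable {
        private boolean closed;
        Connection() { OPEN.incrementAndGet(); }
        void handshake(boolean peerUp) throws IOException {
            if (!peerUp) throw new IOException("domain controller unreachable");
        }
        @Override public void close() {
            if (!closed) { closed = true; OPEN.decrementAndGet(); }
        }
    }

    // Leaky reconnect loop: a failed attempt drops its reference but is never closed,
    // so every iteration while the peer is down adds one unreleased connection.
    static Connection reconnectLeaky(int maxAttempts, boolean peerUp) {
        for (int i = 0; i < maxAttempts; i++) {
            Connection c = new Connection();
            try { c.handshake(peerUp); return c; }
            catch (IOException e) { /* retry immediately; c is leaked */ }
        }
        return null;
    }

    // Fixed reconnect loop: the failed attempt is closed before the next one is made,
    // and retries are spaced by an exponential backoff capped at maxBackoffMs.
    static Connection reconnectFixed(int maxAttempts, boolean peerUp, long maxBackoffMs)
            throws InterruptedException {
        long backoff = 1;
        for (int i = 0; i < maxAttempts; i++) {
            Connection c = new Connection();
            try { c.handshake(peerUp); return c; }
            catch (IOException e) {
                c.close();                                   // release the failed attempt
                Thread.sleep(backoff);
                backoff = Math.min(backoff * 2, maxBackoffMs);
            }
        }
        return null;
    }

    public static void main(String[] args) throws InterruptedException {
        reconnectLeaky(1000, false);
        System.out.println("leaky loop left open: " + OPEN.get());
        OPEN.set(0);
        reconnectFixed(20, false, 4);
        System.out.println("fixed loop left open: " + OPEN.get());
    }
}
```

In a real deployment the same symptom shows up as a steadily growing heap and open file-descriptor count on the host-controller while the domain-controller is unreachable, which is what monitoring should alert on.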
This vulnerability is out of security support scope for the following products:

* Red Hat JBoss Fuse 6

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2021:0250 https://access.redhat.com/errata/RHSA-2021:0250
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6 Via RHSA-2021:0246 https://access.redhat.com/errata/RHSA-2021:0246
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7 Via RHSA-2021:0247 https://access.redhat.com/errata/RHSA-2021:0247
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8 Via RHSA-2021:0248 https://access.redhat.com/errata/RHSA-2021:0248
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-25689
This issue has been addressed in the following products: Red Hat Single Sign-On 7.4.5 Via RHSA-2021:0327 https://access.redhat.com/errata/RHSA-2021:0327
This issue has been addressed in the following products: Red Hat Openshift Application Runtimes Via RHSA-2021:0295 https://access.redhat.com/errata/RHSA-2021:0295
This issue has been addressed in the following products: Red Hat Fuse 7.11 Via RHSA-2022:5532 https://access.redhat.com/errata/RHSA-2022:5532