CVE-2020-27822

A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability.

CVSS v3 5.9 MEDIUM
CVSS v2.0 7.1 HIGH

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1904060	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:wildfly:19.0.0:::::::*
	cpe:2.3:a:redhat:wildfly:19.1.0:::::::*
	cpe:2.3:a:redhat:wildfly:20.0.0:::::::*
	cpe:2.3:a:redhat:wildfly:20.0.1:::::::*
	cpe:2.3:a:redhat:wildfly:21.0.0:::::::*

History

No history.

Information

Published : 2020-12-08 01:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-27822

Mitre link : CVE-2020-27822

CVE.ORG link : CVE-2020-27822

JSON object : View

Products Affected

redhat

wildfly

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

{"id": "CVE-2020-27822", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2020-12-08T01:15:12.413", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904060", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en Wildfly afectando a versiones 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final y 21.0.0.Final. Cuando una aplicaci\u00f3n usa los interceptores java de la API OpenTracing, existe la posibilidad de una p\u00e9rdida de memoria. Este fallo permite a un atacante afectar la disponibilidad del servidor. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema"}], "lastModified": "2020-12-14T19:22:25.287", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:wildfly:19.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D90E2085-2D90-46CE-9EC6-091126EE8157"}, {"criteria": "cpe:2.3:a:redhat:wildfly:19.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDCA87E4-E6B3-4E83-8FB5-E1010DFAF6FA"}, {"criteria": "cpe:2.3:a:redhat:wildfly:20.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2CCEF28-7139-4834-985E-1AF6CFEC7DB0"}, {"criteria": "cpe:2.3:a:redhat:wildfly:20.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "220ACF24-36E1-4904-889F-67FB804D22AF"}, {"criteria": "cpe:2.3:a:redhat:wildfly:21.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D16601AC-5F6A-4506-97AA-6C53B6740057"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}