CVE-2020-14340
First published: Fri Jul 24 2020(Updated: )
A flaw was found in xnio. A file descriptor leak caused by growing amounts of NIO Selector file, handled between garbage collection cycles, may allow the attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/eap7-activemq-artemis | <0:2.9.0-5.redhat_00011.1.el6ea | 0:2.9.0-5.redhat_00011.1.el6ea |
| redhat/eap7-activemq-artemis-native | <1:1.0.2-1.redhat_00001.1.el6ea | 1:1.0.2-1.redhat_00001.1.el6ea |
| redhat/eap7-apache-commons-codec | <0:1.14.0-1.redhat_00001.1.el6ea | 0:1.14.0-1.redhat_00001.1.el6ea |
| redhat/eap7-apache-commons-lang | <0:3.10.0-1.redhat_00001.1.el6ea | 0:3.10.0-1.redhat_00001.1.el6ea |
| redhat/eap7-apache-cxf | <0:3.3.7-1.redhat_00001.1.el6ea | 0:3.3.7-1.redhat_00001.1.el6ea |
| redhat/eap7-artemis-native | <1:1.0.2-3.redhat_1.el6ea | 1:1.0.2-3.redhat_1.el6ea |
| redhat/eap7-bouncycastle | <0:1.65.0-1.redhat_00001.1.el6ea | 0:1.65.0-1.redhat_00001.1.el6ea |
| redhat/eap7-glassfish-jsf | <0:2.3.9-11.SP12_redhat_00001.1.el6ea | 0:2.3.9-11.SP12_redhat_00001.1.el6ea |
| redhat/eap7-hal-console | <0:3.2.10-1.Final_redhat_00001.1.el6ea | 0:3.2.10-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-hibernate | <0:5.3.18-1.Final_redhat_00001.1.el6ea | 0:5.3.18-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-httpcomponents-client | <0:4.5.12-1.redhat_00001.1.el6ea | 0:4.5.12-1.redhat_00001.1.el6ea |
| redhat/eap7-httpcomponents-core | <0:4.4.13-1.redhat_00001.1.el6ea | 0:4.4.13-1.redhat_00001.1.el6ea |
| redhat/eap7-jberet | <0:1.3.7-1.Final_redhat_00001.1.el6ea | 0:1.3.7-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jboss-invocation | <0:1.5.3-1.Final_redhat_00001.1.el6ea | 0:1.5.3-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jboss-logmanager | <0:2.1.17-1.Final_redhat_00001.1.el6ea | 0:2.1.17-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jboss-server-migration | <0:1.7.2-2.Final_redhat_00002.1.el6ea | 0:1.7.2-2.Final_redhat_00002.1.el6ea |
| redhat/eap7-jboss-xnio-base | <0:3.7.9-1.Final_redhat_00001.1.el6ea | 0:3.7.9-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jgroups | <0:4.1.10-1.Final_redhat_00001.1.el6ea | 0:4.1.10-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-narayana | <0:5.9.9-1.Final_redhat_00001.1.el6ea | 0:5.9.9-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-picketbox | <0:5.0.3-8.Final_redhat_00007.1.el6ea | 0:5.0.3-8.Final_redhat_00007.1.el6ea |
| redhat/eap7-picketlink-bindings | <0:2.5.5-25.SP12_redhat_00013.1.el6ea | 0:2.5.5-25.SP12_redhat_00013.1.el6ea |
| redhat/eap7-snakeyaml | <0:1.26.0-1.redhat_00001.1.el6ea | 0:1.26.0-1.redhat_00001.1.el6ea |
| redhat/eap7-undertow | <0:2.0.31-1.SP1_redhat_00001.1.el6ea | 0:2.0.31-1.SP1_redhat_00001.1.el6ea |
| redhat/eap7-velocity | <0:2.2.0-1.redhat_00001.1.el6ea | 0:2.2.0-1.redhat_00001.1.el6ea |
| redhat/eap7-wildfly | <0:7.3.3-4.GA_redhat_00004.1.el6ea | 0:7.3.3-4.GA_redhat_00004.1.el6ea |
| redhat/eap7-wildfly-elytron | <0:1.10.8-1.Final_redhat_00001.1.el6ea | 0:1.10.8-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-wildfly-transaction-client | <0:1.1.13-1.Final_redhat_00001.1.el6ea | 0:1.1.13-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-xerces-j2 | <0:2.12.0-2.SP03_redhat_00001.1.el6ea | 0:2.12.0-2.SP03_redhat_00001.1.el6ea |
| redhat/eap7-activemq-artemis | <0:2.9.0-5.redhat_00011.1.el7ea | 0:2.9.0-5.redhat_00011.1.el7ea |
| redhat/eap7-activemq-artemis-native | <1:1.0.2-1.redhat_00001.1.el7ea | 1:1.0.2-1.redhat_00001.1.el7ea |
| redhat/eap7-apache-commons-codec | <0:1.14.0-1.redhat_00001.1.el7ea | 0:1.14.0-1.redhat_00001.1.el7ea |
| redhat/eap7-apache-commons-lang | <0:3.10.0-1.redhat_00001.1.el7ea | 0:3.10.0-1.redhat_00001.1.el7ea |
| redhat/eap7-apache-cxf | <0:3.3.7-1.redhat_00001.1.el7ea | 0:3.3.7-1.redhat_00001.1.el7ea |
| redhat/eap7-artemis-native | <1:1.0.2-3.redhat_1.el7ea | 1:1.0.2-3.redhat_1.el7ea |
| redhat/eap7-bouncycastle | <0:1.65.0-1.redhat_00001.1.el7ea | 0:1.65.0-1.redhat_00001.1.el7ea |
| redhat/eap7-glassfish-jsf | <0:2.3.9-11.SP12_redhat_00001.1.el7ea | 0:2.3.9-11.SP12_redhat_00001.1.el7ea |
| redhat/eap7-hal-console | <0:3.2.10-1.Final_redhat_00001.1.el7ea | 0:3.2.10-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-hibernate | <0:5.3.18-1.Final_redhat_00001.1.el7ea | 0:5.3.18-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-httpcomponents-client | <0:4.5.12-1.redhat_00001.1.el7ea | 0:4.5.12-1.redhat_00001.1.el7ea |
| redhat/eap7-httpcomponents-core | <0:4.4.13-1.redhat_00001.1.el7ea | 0:4.4.13-1.redhat_00001.1.el7ea |
| redhat/eap7-jberet | <0:1.3.7-1.Final_redhat_00001.1.el7ea | 0:1.3.7-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jboss-invocation | <0:1.5.3-1.Final_redhat_00001.1.el7ea | 0:1.5.3-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jboss-logmanager | <0:2.1.17-1.Final_redhat_00001.1.el7ea | 0:2.1.17-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jboss-server-migration | <0:1.7.2-2.Final_redhat_00002.1.el7ea | 0:1.7.2-2.Final_redhat_00002.1.el7ea |
| redhat/eap7-jboss-xnio-base | <0:3.7.9-1.Final_redhat_00001.1.el7ea | 0:3.7.9-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jgroups | <0:4.1.10-1.Final_redhat_00001.1.el7ea | 0:4.1.10-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-narayana | <0:5.9.9-1.Final_redhat_00001.1.el7ea | 0:5.9.9-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-picketbox | <0:5.0.3-8.Final_redhat_00007.1.el7ea | 0:5.0.3-8.Final_redhat_00007.1.el7ea |
| redhat/eap7-picketlink-bindings | <0:2.5.5-25.SP12_redhat_00013.1.el7ea | 0:2.5.5-25.SP12_redhat_00013.1.el7ea |
| redhat/eap7-snakeyaml | <0:1.26.0-1.redhat_00001.1.el7ea | 0:1.26.0-1.redhat_00001.1.el7ea |
| redhat/eap7-undertow | <0:2.0.31-1.SP1_redhat_00001.1.el7ea | 0:2.0.31-1.SP1_redhat_00001.1.el7ea |
| redhat/eap7-velocity | <0:2.2.0-1.redhat_00001.1.el7ea | 0:2.2.0-1.redhat_00001.1.el7ea |
| redhat/eap7-wildfly | <0:7.3.3-4.GA_redhat_00004.1.el7ea | 0:7.3.3-4.GA_redhat_00004.1.el7ea |
| redhat/eap7-wildfly-elytron | <0:1.10.8-1.Final_redhat_00001.1.el7ea | 0:1.10.8-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-wildfly-transaction-client | <0:1.1.13-1.Final_redhat_00001.1.el7ea | 0:1.1.13-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-xerces-j2 | <0:2.12.0-2.SP03_redhat_00001.1.el7ea | 0:2.12.0-2.SP03_redhat_00001.1.el7ea |
| redhat/eap7-activemq-artemis | <0:2.9.0-5.redhat_00011.1.el8ea | 0:2.9.0-5.redhat_00011.1.el8ea |
| redhat/eap7-activemq-artemis-native | <1:1.0.2-1.redhat_00001.1.el8ea | 1:1.0.2-1.redhat_00001.1.el8ea |
| redhat/eap7-apache-commons-codec | <0:1.14.0-1.redhat_00001.1.el8ea | 0:1.14.0-1.redhat_00001.1.el8ea |
| redhat/eap7-apache-commons-lang | <0:3.10.0-1.redhat_00001.1.el8ea | 0:3.10.0-1.redhat_00001.1.el8ea |
| redhat/eap7-apache-cxf | <0:3.3.7-1.redhat_00001.1.el8ea | 0:3.3.7-1.redhat_00001.1.el8ea |
| redhat/eap7-artemis-native | <1:1.0.2-3.redhat_1.el8ea | 1:1.0.2-3.redhat_1.el8ea |
| redhat/eap7-bouncycastle | <0:1.65.0-1.redhat_00001.1.el8ea | 0:1.65.0-1.redhat_00001.1.el8ea |
| redhat/eap7-glassfish-jsf | <0:2.3.9-11.SP12_redhat_00001.1.el8ea | 0:2.3.9-11.SP12_redhat_00001.1.el8ea |
| redhat/eap7-hal-console | <0:3.2.10-1.Final_redhat_00001.1.el8ea | 0:3.2.10-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-hibernate | <0:5.3.18-1.Final_redhat_00001.1.el8ea | 0:5.3.18-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-httpcomponents-client | <0:4.5.12-1.redhat_00001.1.el8ea | 0:4.5.12-1.redhat_00001.1.el8ea |
| redhat/eap7-httpcomponents-core | <0:4.4.13-1.redhat_00001.1.el8ea | 0:4.4.13-1.redhat_00001.1.el8ea |
| redhat/eap7-jberet | <0:1.3.7-1.Final_redhat_00001.1.el8ea | 0:1.3.7-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jboss-invocation | <0:1.5.3-1.Final_redhat_00001.1.el8ea | 0:1.5.3-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jboss-logmanager | <0:2.1.17-1.Final_redhat_00001.1.el8ea | 0:2.1.17-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jboss-server-migration | <0:1.7.2-2.Final_redhat_00002.1.el8ea | 0:1.7.2-2.Final_redhat_00002.1.el8ea |
| redhat/eap7-jboss-xnio-base | <0:3.7.9-1.Final_redhat_00001.1.el8ea | 0:3.7.9-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jgroups | <0:4.1.10-1.Final_redhat_00001.1.el8ea | 0:4.1.10-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-narayana | <0:5.9.9-1.Final_redhat_00001.1.el8ea | 0:5.9.9-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-picketbox | <0:5.0.3-8.Final_redhat_00007.1.el8ea | 0:5.0.3-8.Final_redhat_00007.1.el8ea |
| redhat/eap7-picketlink-bindings | <0:2.5.5-25.SP12_redhat_00013.1.el8ea | 0:2.5.5-25.SP12_redhat_00013.1.el8ea |
| redhat/eap7-snakeyaml | <0:1.26.0-1.redhat_00001.1.el8ea | 0:1.26.0-1.redhat_00001.1.el8ea |
| redhat/eap7-undertow | <0:2.0.31-1.SP1_redhat_00001.1.el8ea | 0:2.0.31-1.SP1_redhat_00001.1.el8ea |
| redhat/eap7-velocity | <0:2.2.0-1.redhat_00001.1.el8ea | 0:2.2.0-1.redhat_00001.1.el8ea |
| redhat/eap7-wildfly | <0:7.3.3-4.GA_redhat_00004.1.el8ea | 0:7.3.3-4.GA_redhat_00004.1.el8ea |
| redhat/eap7-wildfly-elytron | <0:1.10.8-1.Final_redhat_00001.1.el8ea | 0:1.10.8-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-wildfly-transaction-client | <0:1.1.13-1.Final_redhat_00001.1.el8ea | 0:1.1.13-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-xerces-j2 | <0:2.12.0-2.SP03_redhat_00001.1.el8ea | 0:2.12.0-2.SP03_redhat_00001.1.el8ea |
| redhat/xnio | <3.7.9. | 3.7.9. |
| redhat/xnio | <3.8.2. | 3.8.2. |
| redhat/xnio | <3.9.0. | 3.9.0. |
| redhat XNIO | >=3.6.1<3.7.9 | |
| redhat XNIO | >=3.8.0<3.8.2 | |
| redhat XNIO | =3.6.0-beta1 | |
| redhat XNIO | =3.6.0-beta2 | |
| Red Hat JBoss BRMS | =5 | |
| Red Hat JBoss BRMS | =6 | |
| redhat jboss data grid | =6.0.0 | |
| redhat jboss data grid | =7.0.0 | |
| redhat jboss data virtualization | =6.0.0 | |
| redhat jboss enterprise application platform | =5.0.0 | |
| redhat jboss enterprise application platform | =6.0.0 | |
| Red Hat JBoss Fuse | =6.0.0 | |
| Red Hat JBoss Fuse | =7.0.0 | |
| redhat jboss operations network | =3.0 | |
| Red Hat JBoss Enterprise SOA Platform | =5 | |
| oracle communications cloud native core console | =1.9.0 | |
| Oracle Communications Cloud Native Core Network Repository Function | =1.14.0 | |
| oracle communications Cloud native core policy | =1.14.0 | |
| Oracle Communications Cloud Native Core Network Repository Function | =1.15.0 | |
| Oracle Communications Cloud Native Core Service Communication Proxy | =1.14.0 | |
| Oracle Communications Cloud Native Core Unified Data Repository | =1.14.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1860218
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://access.redhat.com/support/policy/updates/jboss_notes
- https://access.redhat.com/errata/RHSA-2020:4244
- https://access.redhat.com/errata/RHSA-2020:4245
- https://access.redhat.com/errata/RHSA-2020:4246
- https://access.redhat.com/errata/RHSA-2020:4247
- https://access.redhat.com/security/cve/cve-2020-14340
- https://access.redhat.com/errata/RHSA-2020:4931
- https://access.redhat.com/errata/RHSA-2020:5361
- https://access.redhat.com/errata/RHSA-2021:3140
- https://www.cve.org/CVERecord?id=CVE-2020-14340 https://nvd.nist.gov/vuln/detail/CVE-2020-14340
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2020-14340?
CVE-2020-14340 has been identified with a high severity level due to its potential impact on system availability.
How do I fix CVE-2020-14340?
To remediate CVE-2020-14340, it is recommended to upgrade affected xnio packages to versions 3.7.9, 3.8.2, or 3.9.0 or later.
What systems are affected by CVE-2020-14340?
CVE-2020-14340 affects various Red Hat products including eap7-activemq-artemis and eap7-activemq-artemis-native, among others.
What type of vulnerability is CVE-2020-14340?
CVE-2020-14340 is a file descriptor leak vulnerability that can lead to denial of service.
What versions of xnio are vulnerable to CVE-2020-14340?
Versions of xnio prior to 3.7.9 are vulnerable to CVE-2020-14340.
- collector/redhat-cve
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/references
- agent/severity
- agent/author
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-14340
- agent/software-canonical-lookup
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/redhat
- canonical/redhat xnio
- version/redhat xnio/3.6.1
- version/redhat xnio/3.8.0
- version/redhat xnio/3.6.0-beta1
- version/redhat xnio/3.6.0-beta2
- canonical/red hat jboss brms
- version/red hat jboss brms/5
- version/red hat jboss brms/6
- canonical/redhat jboss data grid
- version/redhat jboss data grid/6.0.0
- version/redhat jboss data grid/7.0.0
- canonical/redhat jboss data virtualization
- version/redhat jboss data virtualization/6.0.0
- canonical/redhat jboss enterprise application platform
- version/redhat jboss enterprise application platform/5.0.0
- version/redhat jboss enterprise application platform/6.0.0
- canonical/red hat jboss fuse
- version/red hat jboss fuse/6.0.0
- version/red hat jboss fuse/7.0.0
- canonical/redhat jboss operations network
- version/redhat jboss operations network/3.0
- canonical/red hat jboss enterprise soa platform
- version/red hat jboss enterprise soa platform/5
- vendor/oracle
- canonical/oracle communications cloud native core console
- version/oracle communications cloud native core console/1.9.0
- canonical/oracle communications cloud native core network repository function
- version/oracle communications cloud native core network repository function/1.14.0
- canonical/oracle communications cloud native core policy
- version/oracle communications cloud native core policy/1.14.0
- version/oracle communications cloud native core network repository function/1.15.0
- canonical/oracle communications cloud native core service communication proxy
- version/oracle communications cloud native core service communication proxy/1.14.0
- canonical/oracle communications cloud native core unified data repository
- version/oracle communications cloud native core unified data repository/1.14.0