First published: Fri Oct 30 2020
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final: while the host controller is unable to connect to the domain controller, it tries to reconnect in a loop, generating new connections that are not properly closed. This flaw allows an attacker to cause an out-of-memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/eap7-activemq-artemis | <0:2.9.0-7.redhat_00017.1.el6ea | 0:2.9.0-7.redhat_00017.1.el6ea |
redhat/eap7-glassfish-jsf | <0:2.3.9-12.SP13_redhat_00001.1.el6ea | 0:2.3.9-12.SP13_redhat_00001.1.el6ea |
redhat/eap7-hal-console | <0:3.2.12-1.Final_redhat_00001.1.el6ea | 0:3.2.12-1.Final_redhat_00001.1.el6ea |
redhat/eap7-hibernate | <0:5.3.20-1.Final_redhat_00001.1.el6ea | 0:5.3.20-1.Final_redhat_00001.1.el6ea |
redhat/eap7-httpcomponents-client | <0:4.5.13-1.redhat_00001.1.el6ea | 0:4.5.13-1.redhat_00001.1.el6ea |
redhat/eap7-jboss-ejb-client | <0:4.0.37-1.Final_redhat_00001.1.el6ea | 0:4.0.37-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-genericjms | <0:2.0.8-1.Final_redhat_00001.1.el6ea | 0:2.0.8-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-modules | <0:1.11.0-1.Final_redhat_00001.1.el6ea | 0:1.11.0-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-remoting | <0:5.0.20-1.Final_redhat_00001.1.el6ea | 0:5.0.20-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-server-migration | <0:1.7.2-4.Final_redhat_00005.1.el6ea | 0:1.7.2-4.Final_redhat_00005.1.el6ea |
redhat/eap7-jboss-xnio-base | <0:3.7.12-1.Final_redhat_00001.1.el6ea | 0:3.7.12-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana | <0:5.9.10-1.Final_redhat_00001.1.el6ea | 0:5.9.10-1.Final_redhat_00001.1.el6ea |
redhat/eap7-opentracing-interceptors | <0:0.0.4.1-2.redhat_00002.1.el6ea | 0:0.0.4.1-2.redhat_00002.1.el6ea |
redhat/eap7-resteasy | <0:3.11.3-1.Final_redhat_00001.1.el6ea | 0:3.11.3-1.Final_redhat_00001.1.el6ea |
redhat/eap7-undertow | <0:2.0.33-1.SP2_redhat_00001.1.el6ea | 0:2.0.33-1.SP2_redhat_00001.1.el6ea |
redhat/eap7-wildfly | <0:7.3.5-2.GA_redhat_00001.1.el6ea | 0:7.3.5-2.GA_redhat_00001.1.el6ea |
redhat/eap7-wildfly-discovery | <0:1.2.1-1.Final_redhat_00001.1.el6ea | 0:1.2.1-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly-elytron | <0:1.10.10-1.Final_redhat_00001.1.el6ea | 0:1.10.10-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly-http-client | <0:1.0.24-1.Final_redhat_00001.1.el6ea | 0:1.0.24-1.Final_redhat_00001.1.el6ea |
redhat/eap7-activemq-artemis | <0:2.9.0-7.redhat_00017.1.el7ea | 0:2.9.0-7.redhat_00017.1.el7ea |
redhat/eap7-glassfish-jsf | <0:2.3.9-12.SP13_redhat_00001.1.el7ea | 0:2.3.9-12.SP13_redhat_00001.1.el7ea |
redhat/eap7-hal-console | <0:3.2.12-1.Final_redhat_00001.1.el7ea | 0:3.2.12-1.Final_redhat_00001.1.el7ea |
redhat/eap7-hibernate | <0:5.3.20-1.Final_redhat_00001.1.el7ea | 0:5.3.20-1.Final_redhat_00001.1.el7ea |
redhat/eap7-httpcomponents-client | <0:4.5.13-1.redhat_00001.1.el7ea | 0:4.5.13-1.redhat_00001.1.el7ea |
redhat/eap7-jboss-ejb-client | <0:4.0.37-1.Final_redhat_00001.1.el7ea | 0:4.0.37-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-genericjms | <0:2.0.8-1.Final_redhat_00001.1.el7ea | 0:2.0.8-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-modules | <0:1.11.0-1.Final_redhat_00001.1.el7ea | 0:1.11.0-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-remoting | <0:5.0.20-1.Final_redhat_00001.1.el7ea | 0:5.0.20-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-server-migration | <0:1.7.2-4.Final_redhat_00005.1.el7ea | 0:1.7.2-4.Final_redhat_00005.1.el7ea |
redhat/eap7-jboss-xnio-base | <0:3.7.12-1.Final_redhat_00001.1.el7ea | 0:3.7.12-1.Final_redhat_00001.1.el7ea |
redhat/eap7-narayana | <0:5.9.10-1.Final_redhat_00001.1.el7ea | 0:5.9.10-1.Final_redhat_00001.1.el7ea |
redhat/eap7-opentracing-interceptors | <0:0.0.4.1-2.redhat_00002.1.el7ea | 0:0.0.4.1-2.redhat_00002.1.el7ea |
redhat/eap7-resteasy | <0:3.11.3-1.Final_redhat_00001.1.el7ea | 0:3.11.3-1.Final_redhat_00001.1.el7ea |
redhat/eap7-undertow | <0:2.0.33-1.SP2_redhat_00001.1.el7ea | 0:2.0.33-1.SP2_redhat_00001.1.el7ea |
redhat/eap7-wildfly | <0:7.3.5-2.GA_redhat_00001.1.el7ea | 0:7.3.5-2.GA_redhat_00001.1.el7ea |
redhat/eap7-wildfly-discovery | <0:1.2.1-1.Final_redhat_00001.1.el7ea | 0:1.2.1-1.Final_redhat_00001.1.el7ea |
redhat/eap7-wildfly-elytron | <0:1.10.10-1.Final_redhat_00001.1.el7ea | 0:1.10.10-1.Final_redhat_00001.1.el7ea |
redhat/eap7-wildfly-http-client | <0:1.0.24-1.Final_redhat_00001.1.el7ea | 0:1.0.24-1.Final_redhat_00001.1.el7ea |
redhat/eap7-activemq-artemis | <0:2.9.0-7.redhat_00017.1.el8ea | 0:2.9.0-7.redhat_00017.1.el8ea |
redhat/eap7-glassfish-jsf | <0:2.3.9-12.SP13_redhat_00001.1.el8ea | 0:2.3.9-12.SP13_redhat_00001.1.el8ea |
redhat/eap7-hal-console | <0:3.2.12-1.Final_redhat_00001.1.el8ea | 0:3.2.12-1.Final_redhat_00001.1.el8ea |
redhat/eap7-hibernate | <0:5.3.20-1.Final_redhat_00001.1.el8ea | 0:5.3.20-1.Final_redhat_00001.1.el8ea |
redhat/eap7-httpcomponents-client | <0:4.5.13-1.redhat_00001.1.el8ea | 0:4.5.13-1.redhat_00001.1.el8ea |
redhat/eap7-jboss-ejb-client | <0:4.0.37-1.Final_redhat_00001.1.el8ea | 0:4.0.37-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-genericjms | <0:2.0.8-1.Final_redhat_00001.1.el8ea | 0:2.0.8-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-modules | <0:1.11.0-1.Final_redhat_00001.1.el8ea | 0:1.11.0-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-remoting | <0:5.0.20-1.Final_redhat_00001.1.el8ea | 0:5.0.20-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-server-migration | <0:1.7.2-4.Final_redhat_00005.1.el8ea | 0:1.7.2-4.Final_redhat_00005.1.el8ea |
redhat/eap7-jboss-xnio-base | <0:3.7.12-1.Final_redhat_00001.1.el8ea | 0:3.7.12-1.Final_redhat_00001.1.el8ea |
redhat/eap7-narayana | <0:5.9.10-1.Final_redhat_00001.1.el8ea | 0:5.9.10-1.Final_redhat_00001.1.el8ea |
redhat/eap7-opentracing-interceptors | <0:0.0.4.1-2.redhat_00002.1.el8ea | 0:0.0.4.1-2.redhat_00002.1.el8ea |
redhat/eap7-resteasy | <0:3.11.3-1.Final_redhat_00001.1.el8ea | 0:3.11.3-1.Final_redhat_00001.1.el8ea |
redhat/eap7-undertow | <0:2.0.33-1.SP2_redhat_00001.1.el8ea | 0:2.0.33-1.SP2_redhat_00001.1.el8ea |
redhat/eap7-wildfly | <0:7.3.5-2.GA_redhat_00001.1.el8ea | 0:7.3.5-2.GA_redhat_00001.1.el8ea |
redhat/eap7-wildfly-discovery | <0:1.2.1-1.Final_redhat_00001.1.el8ea | 0:1.2.1-1.Final_redhat_00001.1.el8ea |
redhat/eap7-wildfly-elytron | <0:1.10.10-1.Final_redhat_00001.1.el8ea | 0:1.10.10-1.Final_redhat_00001.1.el8ea |
redhat/eap7-wildfly-http-client | <0:1.0.24-1.Final_redhat_00001.1.el8ea | 0:1.0.24-1.Final_redhat_00001.1.el8ea |
Redhat Wildfly | <=21.0.0 | |
Redhat Fuse | =6.0.0 | |
Redhat Jboss Data Grid | =7.0.0 | |
Redhat Jboss Enterprise Application Platform | =7.0.0 | |
Redhat Jboss Fuse | =7.0.0 | |
Redhat Openshift Application Runtimes | | |
Redhat Single Sign-on | =7.0 | |
Netapp Active Iq Unified Manager Linux | | |
Netapp Active Iq Unified Manager Vmware Vsphere | | |
Netapp Active Iq Unified Manager Windows | | |
NetApp OnCommand Insight | | |
NetApp Service Level Manager | | |