CVE-2020-27822
MEDIUM 5.9 | EPSS 0.34%
Wildfly has a memory leak vulnerability
Published: 5/24/2022 | Modified: 4/3/2025
Description
A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability.
Affected packages (2)
- Bitnami/wildfly: >= 19.0.0, < 19.0.1, >= 19.1.0, < 19.1.1, >= 20.0.0, < 20.0.1, >= 20.0.1, < 20.0.2, >= 21.0.0, < 21.0.1
- Maven/org.wildfly:wildfly-parent: >= 19.0.0.Final, < 21.0.2.Final
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (8)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2020-27822
- PATCH: https://github.com/wildfly/wildfly
- WEB: https://bugzilla.redhat.com/show_bug.cgi?id=1904060
- WEB: https://github.com/wildfly/wildfly/commit/67ef84fd7aab789a535b137e5e506fd29d212455
- WEB: https://github.com/wildfly/wildfly/commit/c8b02f6a0605f4e2abfeaf21d28b7fe76171004b
- WEB: https://github.com/wildfly/wildfly/pull/13749
- WEB: https://github.com/wildfly/wildfly/pull/13779
- WEB: https://issues.redhat.com/browse/WFLY-14094