CVE-2020-25644 – wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL

https://notcve.org/view.php?id=CVE-2020-25644

06 Oct 2020 — A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo de pérdida de memoria en WildFly OpenSSL en versiones anteriores a 1.1.3.Final, donde se elimina una sesión HTTP. Puede permitir a un atacante causar OOM conllevando a una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=1885485 • CWE-401: Missing Release of Memory after Effective Lifetime •