CVE-2020-14340
xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS
Severity Score
5.9
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.
Se detectó una vulnerabilidad en XNIO en la que se produce un filtrado de descriptores de archivos causada por el crecimiento de la cantidad de manejadores de archivos NIO Selector entre los ciclos de recolección de basura. Puede permitir al atacante causar una denegación de servicio. Afecta a XNIO versiones 3.6.0.Beta1 hasta 3.8.1.Final
A flaw was found in xnio. A file descriptor leak caused by growing amounts of NIO Selector file, handled between garbage collection cycles, may allow the attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-06-17 CVE Reserved
- 2020-10-13 CVE Published
- 2024-02-16 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (4)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuapr2022.html | 2022-07-25 | |
| https://www.oracle.com/security-alerts/cpujan2022.html | 2022-07-25 |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1860218 | 2021-08-11 | |
| https://access.redhat.com/security/cve/CVE-2020-14340 | 2021-08-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Xnio Search vendor "Redhat" for product "Xnio" | >= 3.6.1 < 3.7.9 Search vendor "Redhat" for product "Xnio" and version " >= 3.6.1 < 3.7.9" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Xnio Search vendor "Redhat" for product "Xnio" | >= 3.8.0 < 3.8.2 Search vendor "Redhat" for product "Xnio" and version " >= 3.8.0 < 3.8.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Xnio Search vendor "Redhat" for product "Xnio" | 3.6.0 Search vendor "Redhat" for product "Xnio" and version "3.6.0" | beta1 |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Xnio Search vendor "Redhat" for product "Xnio" | 3.6.0 Search vendor "Redhat" for product "Xnio" and version "3.6.0" | beta2 |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Brms Search vendor "Redhat" for product "Jboss Brms" | 5 Search vendor "Redhat" for product "Jboss Brms" and version "5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Brms Search vendor "Redhat" for product "Jboss Brms" | 6 Search vendor "Redhat" for product "Jboss Brms" and version "6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Data Grid Search vendor "Redhat" for product "Jboss Data Grid" | 6.0.0 Search vendor "Redhat" for product "Jboss Data Grid" and version "6.0.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Data Grid Search vendor "Redhat" for product "Jboss Data Grid" | 7.0.0 Search vendor "Redhat" for product "Jboss Data Grid" and version "7.0.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Data Virtualization Search vendor "Redhat" for product "Jboss Data Virtualization" | 6.0.0 Search vendor "Redhat" for product "Jboss Data Virtualization" and version "6.0.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 5.0.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "5.0.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 6.0.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "6.0.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Fuse Search vendor "Redhat" for product "Jboss Fuse" | 6.0.0 Search vendor "Redhat" for product "Jboss Fuse" and version "6.0.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Fuse Search vendor "Redhat" for product "Jboss Fuse" | 7.0.0 Search vendor "Redhat" for product "Jboss Fuse" and version "7.0.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Operations Network Search vendor "Redhat" for product "Jboss Operations Network" | 3.0 Search vendor "Redhat" for product "Jboss Operations Network" and version "3.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Soa Platform Search vendor "Redhat" for product "Jboss Soa Platform" | 5 Search vendor "Redhat" for product "Jboss Soa Platform" and version "5" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Console Search vendor "Oracle" for product "Communications Cloud Native Core Console" | 1.9.0 Search vendor "Oracle" for product "Communications Cloud Native Core Console" and version "1.9.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Network Repository Function Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function" | 1.14.0 Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function" and version "1.14.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Policy Search vendor "Oracle" for product "Communications Cloud Native Core Policy" | 1.14.0 Search vendor "Oracle" for product "Communications Cloud Native Core Policy" and version "1.14.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Security Edge Protection Proxy Search vendor "Oracle" for product "Communications Cloud Native Core Security Edge Protection Proxy" | 1.15.0 Search vendor "Oracle" for product "Communications Cloud Native Core Security Edge Protection Proxy" and version "1.15.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Service Communication Proxy Search vendor "Oracle" for product "Communications Cloud Native Core Service Communication Proxy" | 1.14.0 Search vendor "Oracle" for product "Communications Cloud Native Core Service Communication Proxy" and version "1.14.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Unified Data Repository Search vendor "Oracle" for product "Communications Cloud Native Core Unified Data Repository" | 1.14.0 Search vendor "Oracle" for product "Communications Cloud Native Core Unified Data Repository" and version "1.14.0" | - |
Affected
| ||||||