CVE-2020-27822
MEDIUMWildfly 19.0.0.Final-21.0.0.Final - Use-After-Free in OpenTracing Java-Interceptors
Title source: llmDescription
A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability.
References (1)
Core 1
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1904060
Scores
CVSS v3
5.9
EPSS
0.0034
EPSS Percentile
56.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-401
Status
published
Products (6)
org.wildfly/wildfly-parent
19.0.0.Final - 21.0.2.FinalMaven
redhat/wildfly
19.0.0
redhat/wildfly
19.1.0
redhat/wildfly
20.0.0
redhat/wildfly
20.0.1
redhat/wildfly
21.0.0
Published
Dec 08, 2020
Tracked Since
Feb 18, 2026