Vulnerability Details : CVE-2020-14340
A vulnerability was discovered in XNIO in which a file descriptor leak is caused by a growing number of NIO Selector file handles between garbage collection cycles. It may allow an attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.
Vulnerability category: Denial of service
Products affected by CVE-2020-14340
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:-:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_data_grid:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_brms:5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_brms:6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_soa_platform:5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:xnio:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:xnio:3.6.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:redhat:xnio:3.6.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-14340
- EPSS score: 0.12% (probability of exploitation activity in the next 30 days)
- Percentile: ~45% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-14340
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 | NIST | |
CWE ids for CVE-2020-14340
- The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. Assigned by: secalert@redhat.com (Secondary)
References for CVE-2020-14340
- https://www.oracle.com/security-alerts/cpuapr2022.html
  Oracle Critical Patch Update Advisory - April 2022 (Patch; Third Party Advisory)
- https://www.oracle.com/security-alerts/cpujan2022.html
  Oracle Critical Patch Update Advisory - January 2022 (Patch; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1860218
  1860218 – (CVE-2020-14340) CVE-2020-14340 xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS (Issue Tracking; Vendor Advisory)