7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2020-25644

GHSA ID

GHSA-hxj4-885f-grgp

EPSS Score

0.68435%

CWE

CWE-401

Published

5/24/2022

Updated

2/22/2024

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-25644

CVE-2020-25644: Wildfly-OpenSSL memory leak flaw

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2020-25644

CVE-2020-25644:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2020-25644

GHSA ID

GHSA-hxj4-885f-grgp

EPSS Score

0.68435%

CWE

CWE-401

Published

5/24/2022

Updated

2/22/2024

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.wildfly.openssl:wildfly-openssl-natives-parent	maven	< 1.1.3.Final	1.1.3.Final

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the missing SSL_SESSION_free() call in the session removal callback. The GitHub patch explicitly adds this call to fix the memory leak (CWE-401). The commit message 'WFSSL-51 sessions not removed correctly' and the added line 'ssl_methods.SSL_SESSION_free(session)' in remove_session_cb directly correlate with the described OOM vulnerability. No other functions were modified in the patch, and the vulnerability description specifically implicates session removal logic.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2020-25644: Wildfly-OpenSSL memory leak flaw

CVE-2020-25644:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

7.5

7.5

CVE-2020-25644: Wildfly-OpenSSL memory leak flaw

Basic Information

Basic Information

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI