A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P
Vendors Products
Oracle
  • Communications Cloud Native Core Console
  • Communications Cloud Native Core Unified Data Repository
  • Communications Cloud Native Core Security Edge Protection Proxy
  • Communications Cloud Native Core Service Communication Proxy
  • Communications Cloud Native Core Policy
  • Communications Cloud Native Core Network Repository Function
Redhat
  • Jboss Data Grid
  • Jboss Brms
  • Jboss Enterprise Application Platform
  • Jboss Soa Platform
  • Jboss Fuse
  • Xnio
  • Jboss Data Virtualization
  • Jboss Operations Network

Configuration 1 [-]

OR cpe:2.3:a:redhat:xnio:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:xnio:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:xnio:3.6.0:beta1:*:*:*:*:*:*
cpe:2.3:a:redhat:xnio:3.6.0:beta2:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:redhat:jboss_brms:5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_brms:6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_data_grid:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:-:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_soa_platform:5:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1860218 Issue Tracking Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html Patch Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2021-06-02T12:04:28

Updated: 2022-04-19T23:21:36

Reserved: 2020-06-17T00:00:00

Link: CVE-2020-14340

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-06-02T13:15:08.083

Modified: 2022-07-25T11:35:13.533

Link: CVE-2020-14340

JSON object: View

cve-icon Redhat Information

No data.

CWE