CVE Vulnerabilities

CVE-2020-14326

Published: Jun 02, 2021 | Modified: Jul 15, 2022
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
7.5 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.

Affected Software

Name Vendor Start Version End Version
Integration_camel_k Redhat - (including) - (including)
Resteasy Redhat 4.2.0 (including) 4.5.6 (excluding)
Red Hat build of Quarkus 1.3.4 SP1 RedHat RESTEasy *
Red Hat Fuse 7.8.0 RedHat RESTEasy *
Red Hat Integration RedHat RESTEasy *
Red Hat Integration Camel Quarkus RedHat RESTEasy *
Resteasy Ubuntu eoan *
Resteasy Ubuntu groovy *
Resteasy Ubuntu hirsute *
Resteasy Ubuntu impish *
Resteasy Ubuntu kinetic *
Resteasy Ubuntu lunar *
Resteasy Ubuntu mantic *
Resteasy Ubuntu trusty *
Resteasy Ubuntu xenial *
Resteasy3.0 Ubuntu bionic *
Resteasy3.0 Ubuntu eoan *
Resteasy3.0 Ubuntu groovy *
Resteasy3.0 Ubuntu hirsute *
Resteasy3.0 Ubuntu impish *
Resteasy3.0 Ubuntu kinetic *
Resteasy3.0 Ubuntu lunar *
Resteasy3.0 Ubuntu mantic *
Resteasy3.0 Ubuntu trusty *

References