CVE-2020-14326

HIGH7.5EPSS 0.38%

RESTEasy 4.5.5.Final in hash flooding

Published: 3/18/2022Modified: 2/19/2024

Description

A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.

Affected packages (1)

Maven/org.jboss.resteasy:resteasy-bomfrom 0, < 4.5.6.Final

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-14326
PATCHhttps://github.com/resteasy/Resteasy
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1855826
WEBhttps://github.com/resteasy/Resteasy/pull/2471
WEBhttps://security.netapp.com/advisory/ntap-20210713-0001