CVE-2020-14340

NameCVE-2020-14340
DescriptionA vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
jboss-xnio (PTS)buster3.7.0-1vulnerable
bullseye3.8.4-1fixed
bookworm, sid3.8.8-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
jboss-xniosourcestretch(not affected)
jboss-xniosource(unstable)3.8.2-1

Notes

[buster] - jboss-xnio <no-dsa> (Minor issue)
[stretch] - jboss-xnio <not-affected> (vulnerable code is not present)
Fix for 3.8: https://github.com/xnio/xnio/pull/233
Fix for 3.7 (Buster): https://github.com/xnio/xnio/pull/234
Search for package or bug name: Reporting problems