High severity · NVD Advisory · Published Jun 2, 2021 · Updated Aug 4, 2024
CVE-2020-35510
Description
A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads in the EJB server to hang forever, resulting in a denial of service, either by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request but omitting the ACK messages, or by tampering with the jboss-remoting code and deleting the lines that send the ACK message from the EJB client code. The highest threat from this vulnerability is to system availability.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jboss.remoting:jboss-remoting (Maven) | < 5.0.20.Final | 5.0.20.Final |
Affected products
- redhat/jboss-remoting
References
- github.com/advisories/GHSA-p6j8-hgv5-m35g (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2020-35510 (GHSA, advisory)
- bugzilla.redhat.com/show_bug.cgi (GHSA, x_refsource_MISC, web)