How severe is CVE-2020-35510?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2020-35510?

This is classified as CWE-400, which is a common weakness in software security.

CVE-2020-35510

MEDIUM Year: 2020

CVSS v3 Score

5.9

Medium

CVSS v2 Score

7.1

High

Weakness Type

CWE-400

View all →

Vulnerability Description

A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.

CVE-2013-7470

MEDIUM

CVSS:5.9(Medium)

cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstra...

CWE-4002013

CVE-2016-10544

MEDIUM

CVSS:5.9(Medium)

uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to...

CWE-4002016

CVE-2016-6307

MEDIUM

CVSS:5.9(Medium)

The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consum...

CWE-4002016

CVE-2017-15130

MEDIUM

CVSS:5.9(Medium)

A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the...

CWE-4002017

CVE-2017-16025

MEDIUM

CVSS:5.9(Medium)

Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only prese...

CWE-4002017

CVE-2017-3140

MEDIUM

CVSS:5.9(Medium)

If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5...

CWE-4002017

CVE-2020-35510

Vulnerability Description

Related Vulnerabilities

CVE-2013-7470

CVE-2016-10544

CVE-2016-6307

CVE-2017-15130

CVE-2017-16025

CVE-2017-3140