CVE-2024-8447

Опубликовано: 30 сент. 2024

Источник: redhat

CVSS3: 5.9

EPSS Низкий

Описание

A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of service.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat JBoss Data Grid 7	org.jboss.narayana-narayana-all	Affected
Red Hat JBoss Enterprise Application Platform 7	org.jboss.narayana-narayana-all	Out of support scope
Red Hat JBoss Enterprise Application Platform Expansion Pack	org.jboss.narayana-narayana-all	Affected
Red Hat JBoss EAP XP 5.0 Update 2.0	org.jboss.narayana-narayana-all	Fixed	RHSA-2025:7620	14.05.2025
Red Hat JBoss Enterprise Application Platform 8	org.jboss.narayana-narayana-all	Fixed	RHSA-2025:3358	27.03.2025
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	eap8-eap-product-conf-parent	Fixed	RHSA-2025:3357	27.03.2025
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	eap8-netty	Fixed	RHSA-2025:3357	27.03.2025
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	eap8-netty-transport-native-epoll	Fixed	RHSA-2025:3357	27.03.2025
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	eap8-slf4j	Fixed	RHSA-2025:3357	27.03.2025
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	eap8-wildfly	Fixed	RHSA-2025:3357	27.03.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-833

https://bugzilla.redhat.com/show_bug.cgi?id=2335206narayana: deadlock via multiple join requests sent to LRA Coordinator

EPSS

Процентиль: 53%

0.00306

Низкий

5.9 Medium

CVSS3

Связанные уязвимости

CVE-2024-8447

CVSS3: 5.9

nvd

12 месяцев назад

GHSA-qq9f-q439-2574

CVSS3: 5.9

github

12 месяцев назад

Narayana deadlock via multiple join requests sent to LRA Coordinator

EPSS

Процентиль: 53%

0.00306

Низкий

5.9 Medium

CVSS3