Red Hat JBossEAP: Deadlock (CVE-2024-8447)

Red Hat JBossEAP: Deadlock (CVE-2024-8447)

Severity

5

CVSS

(AV:N/AC:H/Au:N/C:N/I:N/A:C)

Published

09/30/2024

Created

01/08/2025

Added

01/07/2025

Modified

01/07/2025

Description

A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of service.. A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of service.

Solution(s)

• red-hat-jboss-eap-upgrade-latest

References

• https://attackerkb.com/topics/cve-2024-8447
• CVE - 2024-8447
• https://access.redhat.com/security/cve/CVE-2024-8447
• https://bugzilla.redhat.com/show_bug.cgi?id=2335206
• https://github.com/jbosstm/narayana/pull/2293