CVE-2024-8447 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-8447 PUBLISHED CVSS 5.900000095367432 MEDIUM

Narayana deadlock via multiple join requests sent to LRA Coordinator

EPSS 0.17% · 38.5th percentile

Risk Scores

CVSS v3.1

5.900000095367432

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.17%

38.5th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	0:2.0.16-2.redhat_00003.1.el9eap
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	0:8.0.6-15.GA_redhat_00009.1.el8eap
Red Hat	Red Hat JBoss Enterprise Application Platform 7
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	0:4.1.119-1.Final_redhat_00002.1.el9eap
Red Hat	Red Hat JBoss EAP XP 5.0 Update 2.0
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	0:2.0.16-2.redhat_00003.1.el8eap
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	0:4.1.119-1.Final_redhat_00002.1.el8eap
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	0:800.6.1-1.GA_redhat_00001.1.el9eap
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack
Red Hat	Red Hat JBoss Data Grid 7
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	0:4.1.119-1.Final_redhat_00002.1.el8eap
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	0:8.0.6-15.GA_redhat_00009.1.el9eap
		0
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	0:800.6.1-1.GA_redhat_00001.1.el8eap
Red Hat	Red Hat JBoss Enterprise Application Platform 8
Maven	org.jboss.narayana.rts:lra-coordinator-jar	0
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	0:4.1.119-1.Final_redhat_00002.1.el9eap

Timeline

Jan 2, 2025 CVE Published
Jan 3, 2025 EPSS Score
Jan 18, 2025 EPSS Score
Feb 3, 2025 EPSS Score
Feb 18, 2025 EPSS Score
Mar 6, 2025 EPSS Score
Mar 13, 2025 Coalition ESS Score
Mar 21, 2025 EPSS Score
Mar 28, 2025 Coalition ESS Score
Apr 5, 2025 EPSS Score
Apr 21, 2025 EPSS Score
May 6, 2025 EPSS Score

References

RHSA-2025:3357 vendor-advisory
RHSA-2025:3358 vendor-advisory
RHSA-2025:7620 vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-8447 vdb
RHBZ#2335206 issue
https://github.com/jbosstm/narayana/pull/2293 url
https://github.com/jbosstm/narayana package
https://nvd.nist.gov/vuln/detail/CVE-2024-8447 advisory
https://github.com/jbosstm/narayana/commit/eb778412de230afc4687a2df43641280494156c5 url

Open in Interactive Console →