Resource management error in Narayana - CVE-2024-8447

 


Published: April 3, 2025


Vulnerability identifier: #VU106934
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-8447
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: jbosstm
Affected software:
Narayana

Detailed vulnerability description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in the LRA Coordinator component. When Cancel is called on an LRA, the call takes approximately 2 seconds to execute. If Join is called with the same LRA ID within that timeframe, the application may crash.
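For triage after a coordinator crash, the condition described above can be checked in request logs. The following is an added example, not code from the advisory or from the Narayana project: it flags every Join that arrives for an LRA ID within the Cancel window. The event format (`<timestamp> <operation> <LRA id>`), the sample lines and the function names are assumptions; map your coordinator's access log onto that format first.

```python
from datetime import datetime, timedelta

# Constructed sample events: "<ISO timestamp> <operation> <LRA id>".
# The format is an assumption, not a Narayana log format.
SAMPLE_LOG = """\
2025-04-03T10:00:00.000 START lra-a
2025-04-03T10:00:01.000 JOIN lra-a
2025-04-03T10:00:05.000 CANCEL lra-a
2025-04-03T10:00:05.800 JOIN lra-a
2025-04-03T10:00:06.000 CANCEL lra-b
2025-04-03T10:00:06.500 JOIN lra-c
2025-04-03T10:00:09.000 JOIN lra-b
not a valid line
2025-04-03T10:00:10.000 CANCEL lra-d
2025-04-03T10:00:12.000 JOIN lra-d
"""

def parse_events(text):
    """Yield (timestamp, operation, lra_id); skip lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1].upper(), parts[2]

def find_join_during_cancel(text, window_seconds=2.0):
    """Return (lra_id, cancel_ts, join_ts) for each Join inside the Cancel window."""
    window = timedelta(seconds=window_seconds)
    last_cancel = {}  # lra_id -> time of the most recent Cancel
    hits = []
    # Sort by time so out-of-order log lines are still correlated correctly.
    for ts, op, lra_id in sorted(parse_events(text)):
        if op == "CANCEL":
            last_cancel[lra_id] = ts
        elif op == "JOIN" and lra_id in last_cancel:
            if timedelta(0) <= ts - last_cancel[lra_id] <= window:
                hits.append((lra_id, last_cancel[lra_id], ts))
    return hits

if __name__ == "__main__":
    for lra_id, cancel_ts, join_ts in find_join_during_cancel(SAMPLE_LOG):
        delta = (join_ts - cancel_ts).total_seconds()
        print(f"{lra_id}: Join {delta:.3f}s after Cancel")
```

The default window matches the approximately 2 seconds stated in the description; widen `window_seconds` if Cancel runs longer in your deployment.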


How to mitigate CVE-2024-8447

Install updates from the vendor's website.
