GHSA-qq9f-q439-2574
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qq9f-q439-2574
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-qq9f-q439-2574/GHSA-qq9f-q439-2574.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-qq9f-q439-2574
- Aliases
- Published
- 2025-01-02T21:31:42Z
- Modified
- 2025-05-15T01:25:51.843294Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Narayana deadlock via multiple join requests sent to LRA Coordinator
- Details
-
A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of service.
- Database specific
{ "github_reviewed": true, "github_reviewed_at": "2025-01-02T22:05:33Z", "cwe_ids": [ "CWE-833" ], "nvd_published_at": "2025-01-02T21:15:10Z", "severity": "MODERATE" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-8447
- https://github.com/jbosstm/narayana/pull/2293
- https://github.com/jbosstm/narayana/commit/eb778412de230afc4687a2df43641280494156c5
- https://access.redhat.com/errata/RHSA-2025:3357
- https://access.redhat.com/errata/RHSA-2025:3358
- https://access.redhat.com/errata/RHSA-2025:7620
- https://access.redhat.com/security/cve/CVE-2024-8447
- https://bugzilla.redhat.com/show_bug.cgi?id=2335206
- https://github.com/jbosstm/narayana
Affected packages
Maven / org.jboss.narayana.rts:lra-coordinator-jar
Package
- Name
- org.jboss.narayana.rts:lra-coordinator-jar
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jboss.narayana.rts/lra-coordinator-jar
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.1.0.Final
Affected versions
5.*
5.10.0.Final
5.10.1.Final
5.10.3.Final
5.10.4.Final
5.10.5.Final
5.10.6.Final
5.11.0.Final
5.11.1.Final
5.11.2.Final
5.11.3.Final
5.11.4.Final
5.12.0.Final
5.12.1.Final
5.12.2.Final
5.12.4.Final
5.12.5.Final
5.12.6.Final
5.12.7.Final
5.13.0.Final
5.13.1.Alpha1
5.13.1.Final
6.*
6.0.0.CR1
6.0.0.Final
6.0.1.Final
6.0.2.Final
6.0.3.Final
7.*
7.0.0.Final
7.0.1.Final
7.0.2.Final