{ "threat_severity" : "Moderate", "public_date" : "2024-11-12T15:50:08Z", "bugzilla" : { "description" : "netty: Denial of Service attack on windows app using Netty", "id" : "2325538", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2325538" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-400", "details" : [ "Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.", "A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes." ], "affected_release" : [ { "product_name" : "Red Hat build of Quarkus 3.15.3", "release_date" : "2025-02-05T00:00:00Z", "advisory" : "RHSA-2025:0900", "cpe" : "cpe:/a:redhat:quarkus:3.15::el8", "package" : "io.quarkus/quarkus-netty" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3467", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "package" : "io.netty/netty" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4.22", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4552", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3465", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-netty-0:4.1.119-1.Final_redhat_00004.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3465", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00004.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3465", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-wildfly-0:7.4.21-3.GA_29548_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4549", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-apache-commons-io-0:2.16.1-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4549", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-hal-console-0:3.3.26-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4549", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-ironjacamar-0:1.5.19-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4549", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4549", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jboss-server-migration-0:1.10.0-41.Final_redhat_00041.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4549", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-weld-core-0:3.1.11-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4549", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-wildfly-0:7.4.22-2.GA_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4549", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-wildfly-elytron-0:1.15.25-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3465", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-netty-0:4.1.119-1.Final_redhat_00004.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3465", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00004.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3465", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-wildfly-0:7.4.21-3.GA_29548_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4550", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-apache-commons-io-0:2.16.1-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4550", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-hal-console-0:3.3.26-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4550", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-ironjacamar-0:1.5.19-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4550", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4550", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jboss-server-migration-0:1.10.0-41.Final_redhat_00041.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4550", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-weld-core-0:3.1.11-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4550", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-wildfly-0:7.4.22-2.GA_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4550", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-wildfly-elytron-0:1.15.25-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3465", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-netty-0:4.1.119-1.Final_redhat_00004.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3465", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00004.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3465", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-wildfly-0:7.4.21-3.GA_29548_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4548", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-apache-commons-io-0:2.16.1-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4548", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-hal-console-0:3.3.26-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4548", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-ironjacamar-0:1.5.19-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4548", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4548", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jboss-server-migration-0:1.10.0-41.Final_redhat_00041.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4548", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-weld-core-0:3.1.11-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4548", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-wildfly-0:7.4.22-2.GA_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4548", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-wildfly-elytron-0:1.15.25-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3358", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "package" : "io.netty/netty" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3357", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3357", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3357", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3357", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3357", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3357", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3357", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3357", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3357", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3357", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap" }, { "product_name" : "Streams for Apache Kafka 2.9.0", "release_date" : "2025-03-05T00:00:00Z", "advisory" : "RHSA-2025:2416", "cpe" : "cpe:/a:redhat:amq_streams:2" }, { "product_name" : "Streams for Apache Kafka 2.9.1", "release_date" : "2025-06-30T00:00:00Z", "advisory" : "RHSA-2025:9922", "cpe" : "cpe:/a:redhat:amq_streams:2.9::el9" }, { "product_name" : "Streams for Apache Kafka 3.0.0", "release_date" : "2025-08-01T00:00:00Z", "advisory" : "RHSA-2025:12511", "cpe" : "cpe:/a:redhat:amq_streams:3.0::el9" } ], "package_state" : [ { "product_name" : "A-MQ Clients 2", "fix_state" : "Not affected", "package_name" : "io.netty/netty", "cpe" : "cpe:/a:redhat:a_mq_clients:2" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "io.netty/netty", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Red Hat Build of Keycloak", "fix_state" : "Not affected", "package_name" : "io.netty/netty", "cpe" : "cpe:/a:redhat:build_keycloak:" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Not affected", "package_name" : "io.netty/netty", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Integration Camel K 1", "fix_state" : "Not affected", "package_name" : "io.netty/netty", "cpe" : "cpe:/a:redhat:integration:1" }, { "product_name" : "Red Hat JBoss Data Grid 7", "fix_state" : "Not affected", "package_name" : "io.netty/netty", "cpe" : "cpe:/a:redhat:jboss_data_grid:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Not affected", "package_name" : "io.netty/netty", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "io.netty/netty", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Single Sign-On 7", "fix_state" : "Not affected", "package_name" : "io.netty/netty", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-47535\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-47535\nhttps://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3\nhttps://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv" ], "name" : "CVE-2024-47535", "csaw" : false }