{ "threat_severity" : "Important", "public_date" : "2025-02-10T21:57:28Z", "bugzilla" : { "description" : "io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine", "id" : "2344787", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2344787" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-20", "details" : [ "Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually.", "A flaw was found in Netty's SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation." ], "statement" : "This vulnerability in Netty's SslHandler is of important severity rather than moderate because it directly impacts the stability and reliability of applications using native SSLEngine. By sending a specially crafted packet, an attacker can trigger a native crash, leading to a complete process termination. Unlike typical moderate vulnerabilities that might cause limited disruptions or require specific conditions, this flaw can be exploited remotely to induce a Denial of Service (DoS), affecting high-availability systems and mission-critical services.", "affected_release" : [ { "product_name" : "HawtIO HawtIO 4.2.0", "release_date" : "2025-06-10T00:00:00Z", "advisory" : "RHSA-2025:8761", "cpe" : "cpe:/a:redhat:apache_camel_hawtio:4.2::el6", "package" : "io.netty/netty-handler" }, { "product_name" : "Red Hat build of Apache Camel 4.8.5 for Spring Boot", "release_date" : "2025-04-02T00:00:00Z", "advisory" : "RHSA-2025:3543", "cpe" : "cpe:/a:redhat:apache_camel_spring_boot:4.8.5", "package" : "io.netty/netty-handler" }, { "product_name" : "Red Hat Build of Apache Camel 4.8 for Quarkus 3.15", "release_date" : "2025-03-03T00:00:00Z", "advisory" : "RHSA-2025:2067", "cpe" : "cpe:/a:redhat:camel_quarkus:3.15", "package" : "io.netty/netty-handler" }, { "product_name" : "Red Hat build of Quarkus 3.15.3.SP1", "release_date" : "2025-02-27T00:00:00Z", "advisory" : "RHSA-2025:1885", "cpe" : "cpe:/a:redhat:quarkus:3.15::el8", "package" : "io.netty/netty-handler" }, { "product_name" : "Red Hat build of Quarkus 3.20.1", "release_date" : "2025-06-02T00:00:00Z", "advisory" : "RHSA-2025:8258", "cpe" : "cpe:/a:redhat:quarkus:3.20::el8", "package" : "io.netty/netty-handler" }, { "product_name" : "Red Hat build of Quarkus 3.8.6.SP3", "release_date" : "2025-02-27T00:00:00Z", "advisory" : "RHSA-2025:1884", "cpe" : "cpe:/a:redhat:quarkus:3.8::el8", "package" : "io.netty/netty-handler" }, { "product_name" : "Red Hat Data Grid", "release_date" : "2025-03-11T00:00:00Z", "advisory" : "RHSA-2025:2663", "cpe" : "cpe:/a:redhat:jboss_data_grid:8", "package" : "io.netty/netty-handler" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3467", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4.22", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4552", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3465", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-netty-0:4.1.119-1.Final_redhat_00004.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3465", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00004.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3465", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-wildfly-0:7.4.21-3.GA_29548_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4549", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-apache-commons-io-0:2.16.1-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4549", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-hal-console-0:3.3.26-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4549", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-ironjacamar-0:1.5.19-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4549", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4549", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jboss-server-migration-0:1.10.0-41.Final_redhat_00041.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4549", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-weld-core-0:3.1.11-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4549", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-wildfly-0:7.4.22-2.GA_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4549", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-wildfly-elytron-0:1.15.25-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3465", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-netty-0:4.1.119-1.Final_redhat_00004.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3465", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00004.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3465", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-wildfly-0:7.4.21-3.GA_29548_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4550", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-apache-commons-io-0:2.16.1-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4550", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-hal-console-0:3.3.26-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4550", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-ironjacamar-0:1.5.19-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4550", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4550", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jboss-server-migration-0:1.10.0-41.Final_redhat_00041.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4550", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-weld-core-0:3.1.11-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4550", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-wildfly-0:7.4.22-2.GA_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4550", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-wildfly-elytron-0:1.15.25-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3465", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-netty-0:4.1.119-1.Final_redhat_00004.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3465", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00004.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-04-01T00:00:00Z", "advisory" : "RHSA-2025:3465", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-wildfly-0:7.4.21-3.GA_29548_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4548", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-apache-commons-io-0:2.16.1-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4548", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-hal-console-0:3.3.26-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4548", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-ironjacamar-0:1.5.19-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4548", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4548", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jboss-server-migration-0:1.10.0-41.Final_redhat_00041.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4548", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-weld-core-0:3.1.11-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4548", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-wildfly-0:7.4.22-2.GA_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4548", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-wildfly-elytron-0:1.15.25-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3358", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3357", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3357", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3357", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3357", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3357", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3357", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-eap-product-conf-parent-0:800.6.1-1.GA_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3357", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-netty-0:4.1.119-1.Final_redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3357", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-netty-transport-native-epoll-0:4.1.119-1.Final_redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3357", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-slf4j-0:2.0.16-2.redhat_00003.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3357", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-wildfly-0:8.0.6-15.GA_redhat_00009.1.el9eap" }, { "product_name" : "RHINT Camel-K 1.10.10", "release_date" : "2025-04-02T00:00:00Z", "advisory" : "RHSA-2025:3540", "cpe" : "cpe:/a:redhat:camel_k:1.10.10", "package" : "io.netty/netty-handler" }, { "product_name" : "Streams for Apache Kafka 2.9.1", "release_date" : "2025-06-30T00:00:00Z", "advisory" : "RHSA-2025:9922", "cpe" : "cpe:/a:redhat:amq_streams:2.9::el9", "package" : "io.netty/netty-handler" }, { "product_name" : "Streams for Apache Kafka 3.0.0", "release_date" : "2025-08-01T00:00:00Z", "advisory" : "RHSA-2025:12511", "cpe" : "cpe:/a:redhat:amq_streams:3.0::el9", "package" : "io.netty/netty-handler" }, { "product_name" : "Red Hat OpenShift AI 2.18", "release_date" : "2025-03-10T00:00:00Z", "advisory" : "RHSA-2025:2588", "cpe" : "cpe:/a:redhat:openshift_ai:2.18::el8", "package" : "rhoai/odh-modelmesh-rhel8:sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5" } ], "package_state" : [ { "product_name" : "A-MQ Clients 2", "fix_state" : "Not affected", "package_name" : "io.netty/netty-handler", "cpe" : "cpe:/a:redhat:a_mq_clients:2" }, { "product_name" : "Cryostat 3", "fix_state" : "Affected", "package_name" : "io.netty/netty-handler", "cpe" : "cpe:/a:redhat:cryostat:3" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Affected", "package_name" : "openshift-logging/elasticsearch6-rhel8", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Affected", "package_name" : "io.netty/netty-handler", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "Red Hat AMQ Broker 7", "fix_state" : "Affected", "package_name" : "io.netty/netty-handler", "cpe" : "cpe:/a:redhat:amq_broker:7" }, { "product_name" : "Red Hat AMQ Clients", "fix_state" : "Will not fix", "package_name" : "io.netty/netty-handler", "cpe" : "cpe:/a:redhat:amq_clients:2023" }, { "product_name" : "Red Hat build of Apicurio Registry 2", "fix_state" : "Affected", "package_name" : "io.netty/netty-handler", "cpe" : "cpe:/a:redhat:service_registry:2" }, { "product_name" : "Red Hat build of Apicurio Registry 3", "fix_state" : "Affected", "package_name" : "io.netty/netty-handler", "cpe" : "cpe:/a:redhat:apicurio_registry:3" }, { "product_name" : "Red Hat build of Debezium 2", "fix_state" : "Will not fix", "package_name" : "io.netty/netty-handler", "cpe" : "cpe:/a:redhat:debezium:2" }, { "product_name" : "Red Hat build of OptaPlanner 8", "fix_state" : "Affected", "package_name" : "io.netty/netty-handler", "cpe" : "cpe:/a:redhat:optaplanner:::el6" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Out of support scope", "package_name" : "io.netty/netty-handler", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Not affected", "package_name" : "netty-handler", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Out of support scope", "package_name" : "io.netty/netty-handler", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Single Sign-On 7", "fix_state" : "Out of support scope", "package_name" : "io.netty/netty-handler", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-24970\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-24970\nhttps://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4\nhttps://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw" ], "name" : "CVE-2025-24970", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }