{ "threat_severity" : "Important", "public_date" : "2025-08-13T14:17:36Z", "bugzilla" : { "description" : "netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability", "id" : "2388252", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2388252" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-770", "details" : [ "Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final.", "A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS)." ], "statement" : "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a denial of service (DoS). While some DoS flaws are classified as Moderate, “MadeYouReset” is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation, which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling — malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.", "affected_release" : [ { "product_name" : "Cryostat 4 on RHEL 9", "release_date" : "2025-09-03T00:00:00Z", "advisory" : "RHSA-2025:14919", "cpe" : "cpe:/a:redhat:cryostat:4::el9", "package" : "cryostat/cryostat-agent-init-rhel9:0.5.2-3" }, { "product_name" : "Cryostat 4 on RHEL 9", "release_date" : "2025-09-03T00:00:00Z", "advisory" : "RHSA-2025:14919", "cpe" : "cpe:/a:redhat:cryostat:4::el9", "package" : "cryostat/cryostat-db-rhel9:4.0.2-3" }, { "product_name" : "Cryostat 4 on RHEL 9", "release_date" : "2025-09-03T00:00:00Z", "advisory" : "RHSA-2025:14919", "cpe" : "cpe:/a:redhat:cryostat:4::el9", "package" : "cryostat/cryostat-grafana-dashboard-rhel9:4.0.2-3" }, { "product_name" : "Cryostat 4 on RHEL 9", "release_date" : "2025-09-03T00:00:00Z", "advisory" : "RHSA-2025:14919", "cpe" : "cpe:/a:redhat:cryostat:4::el9", "package" : "cryostat/cryostat-openshift-console-plugin-rhel9:4.0.2-3" }, { "product_name" : "Cryostat 4 on RHEL 9", "release_date" : "2025-09-03T00:00:00Z", "advisory" : "RHSA-2025:14919", "cpe" : "cpe:/a:redhat:cryostat:4::el9", "package" : "cryostat/cryostat-operator-bundle:4.0.2-3" }, { "product_name" : "Cryostat 4 on RHEL 9", "release_date" : "2025-09-03T00:00:00Z", "advisory" : "RHSA-2025:14919", "cpe" : "cpe:/a:redhat:cryostat:4::el9", "package" : "cryostat/cryostat-ose-oauth-proxy-rhel9:4.0.2-3" }, { "product_name" : "Cryostat 4 on RHEL 9", "release_date" : "2025-09-03T00:00:00Z", "advisory" : "RHSA-2025:14919", "cpe" : "cpe:/a:redhat:cryostat:4::el9", "package" : "cryostat/cryostat-reports-rhel9:4.0.2-3" }, { "product_name" : "Cryostat 4 on RHEL 9", "release_date" : "2025-09-03T00:00:00Z", "advisory" : "RHSA-2025:14919", "cpe" : "cpe:/a:redhat:cryostat:4::el9", "package" : "cryostat/cryostat-rhel9:4.0.2-3" }, { "product_name" : "Cryostat 4 on RHEL 9", "release_date" : "2025-09-03T00:00:00Z", "advisory" : "RHSA-2025:14919", "cpe" : "cpe:/a:redhat:cryostat:4::el9", "package" : "cryostat/cryostat-rhel9-operator:4.0.2-3" }, { "product_name" : "Cryostat 4 on RHEL 9", "release_date" : "2025-09-03T00:00:00Z", "advisory" : "RHSA-2025:14919", "cpe" : "cpe:/a:redhat:cryostat:4::el9", "package" : "cryostat/cryostat-storage-rhel9:4.0.2-3" }, { "product_name" : "Cryostat 4 on RHEL 9", "release_date" : "2025-09-03T00:00:00Z", "advisory" : "RHSA-2025:14919", "cpe" : "cpe:/a:redhat:cryostat:4::el9", "package" : "cryostat/jfr-datasource-rhel9:4.0.2-3" }, { "product_name" : "Red Hat build of Apache Camel 4.10.6 for Spring Boot 3.4.9", "release_date" : "2025-08-28T00:00:00Z", "advisory" : "RHSA-2025:14911", "cpe" : "cpe:/a:redhat:apache_camel_spring_boot:4.10", "package" : "netty-codec-http2" }, { "product_name" : "Red Hat Build of Apache Camel 4.10 for Quarkus 3.20", "release_date" : "2025-08-20T00:00:00Z", "advisory" : "RHSA-2025:14197", "cpe" : "cpe:/a:redhat:apache_camel_quarkus:3.20", "package" : "netty-codec-http2" }, { "product_name" : "Red Hat build of Quarkus 3.15.6.SP1", "release_date" : "2025-08-19T00:00:00Z", "advisory" : "RHSA-2025:14004", "cpe" : "cpe:/a:redhat:quarkus:3.15::el8", "package" : "netty-codec-http2" }, { "product_name" : "Red Hat build of Quarkus 3.20.2.SP1", "release_date" : "2025-08-19T00:00:00Z", "advisory" : "RHSA-2025:14008", "cpe" : "cpe:/a:redhat:quarkus:3.20::el8", "package" : "netty-codec-http2" }, { "product_name" : "Red Hat Data Grid 8.5.5", "release_date" : "2025-09-10T00:00:00Z", "advisory" : "RHSA-2025:15612", "cpe" : "cpe:/a:redhat:jboss_data_grid:8", "package" : "netty-codec-http2" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date" : "2026-01-19T00:00:00Z", "advisory" : "RHSA-2026:0742", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package" : "eap7-jackson-annotations-0:2.8.11-2.redhat_00004.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date" : "2026-01-19T00:00:00Z", "advisory" : "RHSA-2026:0742", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package" : "eap7-jackson-core-0:2.8.11-3.redhat_00004.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date" : "2026-01-19T00:00:00Z", "advisory" : "RHSA-2026:0742", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package" : "eap7-jackson-jaxrs-providers-0:2.8.11-3.redhat_00004.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date" : "2026-01-19T00:00:00Z", "advisory" : "RHSA-2026:0742", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package" : "eap7-jackson-module-jaxb-annotations-0:2.8.11-3.redhat_00004.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date" : "2026-01-19T00:00:00Z", "advisory" : "RHSA-2026:0742", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package" : "eap7-jackson-modules-java8-0:2.8.11-2.redhat_00004.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date" : "2026-01-19T00:00:00Z", "advisory" : "RHSA-2026:0742", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package" : "eap7-netty-0:4.1.63-3.Final_redhat_00004.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date" : "2026-01-19T00:00:00Z", "advisory" : "RHSA-2026:0742", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package" : "eap7-undertow-0:1.4.18-18.SP16_redhat_00001.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date" : "2026-01-19T00:00:00Z", "advisory" : "RHSA-2026:0742", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package" : "eap7-wildfly-0:7.1.13-6.GA_redhat_00002.1.ep7.el7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date" : "2026-01-19T00:00:00Z", "advisory" : "RHSA-2026:0743", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package" : "eap7-jackson-annotations-0:2.10.4-4.redhat_00008.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date" : "2026-01-19T00:00:00Z", "advisory" : "RHSA-2026:0743", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package" : "eap7-jackson-core-0:2.10.4-4.redhat_00008.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date" : "2026-01-19T00:00:00Z", "advisory" : "RHSA-2026:0743", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package" : "eap7-jackson-databind-0:2.10.4-6.redhat_00008.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date" : "2026-01-19T00:00:00Z", "advisory" : "RHSA-2026:0743", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package" : "eap7-jackson-jaxrs-providers-0:2.10.4-4.redhat_00008.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date" : "2026-01-19T00:00:00Z", "advisory" : "RHSA-2026:0743", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package" : "eap7-jackson-modules-base-0:2.10.4-6.redhat_00008.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date" : "2026-01-19T00:00:00Z", "advisory" : "RHSA-2026:0743", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package" : "eap7-jackson-modules-java8-0:2.10.4-3.redhat_00008.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date" : "2026-01-19T00:00:00Z", "advisory" : "RHSA-2026:0743", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package" : "eap7-jboss-server-migration-0:1.7.2-20.Final_redhat_00021.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date" : "2026-01-19T00:00:00Z", "advisory" : "RHSA-2026:0743", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package" : "eap7-netty-0:4.1.63-6.Final_redhat_00004.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date" : "2026-01-19T00:00:00Z", "advisory" : "RHSA-2026:0743", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package" : "eap7-undertow-0:2.0.41-6.SP7_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7", "release_date" : "2026-01-19T00:00:00Z", "advisory" : "RHSA-2026:0743", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "package" : "eap7-wildfly-0:7.3.16-3.GA_redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4", "release_date" : "2026-03-18T00:00:00Z", "advisory" : "RHSA-2026:4924", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "package" : "netty-codec-http2" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7", "release_date" : "2026-03-18T00:00:00Z", "advisory" : "RHSA-2026:4915", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7", "package" : "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7", "release_date" : "2026-03-18T00:00:00Z", "advisory" : "RHSA-2026:4915", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7", "package" : "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7", "release_date" : "2026-03-18T00:00:00Z", "advisory" : "RHSA-2026:4915", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7", "package" : "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8", "release_date" : "2026-03-18T00:00:00Z", "advisory" : "RHSA-2026:4916", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8", "package" : "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8", "release_date" : "2026-03-18T00:00:00Z", "advisory" : "RHSA-2026:4916", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8", "package" : "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8", "release_date" : "2026-03-18T00:00:00Z", "advisory" : "RHSA-2026:4916", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8", "package" : "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9", "release_date" : "2026-03-18T00:00:00Z", "advisory" : "RHSA-2026:4917", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9", "package" : "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9", "release_date" : "2026-03-18T00:00:00Z", "advisory" : "RHSA-2026:4917", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9", "package" : "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9", "release_date" : "2026-03-18T00:00:00Z", "advisory" : "RHSA-2026:4917", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9", "package" : "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0.9", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17318", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "netty-codec-http2" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17317", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-apache-cxf-0:4.0.9-5.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17317", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-apache-cxf-xjc-utils-0:4.1.0-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17317", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-eap-product-conf-parent-0:800.9.1-3.GA_redhat_00004.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17317", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-jbossws-cxf-0:7.3.4-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17317", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-netty-0:4.1.127-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17317", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-netty-transport-native-epoll-0:4.1.127-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17317", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-opensaml-0:4.3.2-2.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17317", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-wildfly-0:8.0.9-8.GA_redhat_00008.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17317", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-wss4j-0:3.0.4-1.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17317", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-xml-security-0:3.0.5-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17317", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-apache-cxf-0:4.0.9-5.redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17317", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-apache-cxf-xjc-utils-0:4.1.0-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17317", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-eap-product-conf-parent-0:800.9.1-3.GA_redhat_00004.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17317", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-jbossws-cxf-0:7.3.4-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17317", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-netty-0:4.1.127-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17317", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-netty-transport-native-epoll-0:4.1.127-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17317", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-opensaml-0:4.3.2-2.redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17317", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-wildfly-0:8.0.9-8.GA_redhat_00008.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17317", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-wss4j-0:3.0.4-1.redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17317", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-xml-security-0:3.0.5-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1.0", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17299", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9", "package" : "netty-codec-http2" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17298", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8", "package" : "eap8-apache-commons-lang-0:3.18.0-1.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17298", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8", "package" : "eap8-apache-cxf-0:4.0.9-4.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17298", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8", "package" : "eap8-eap-product-conf-parent-0:801.0.1-2.GA_redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17298", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8", "package" : "eap8-jbossws-cxf-0:7.3.4-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17298", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8", "package" : "eap8-netty-0:4.1.127-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17298", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8", "package" : "eap8-netty-transport-native-epoll-0:4.1.127-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17298", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8", "package" : "eap8-opensaml-0:4.3.2-2.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17298", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8", "package" : "eap8-wildfly-0:8.1.0-55.GA_redhat_00016.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17298", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8", "package" : "eap8-wss4j-0:3.0.4-1.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17298", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8", "package" : "eap8-xml-security-0:3.0.5-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17298", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9", "package" : "eap8-apache-commons-lang-0:3.18.0-1.redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17298", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9", "package" : "eap8-apache-cxf-0:4.0.9-4.redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17298", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9", "package" : "eap8-eap-product-conf-parent-0:801.0.1-2.GA_redhat_00003.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17298", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9", "package" : "eap8-jbossws-cxf-0:7.3.4-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17298", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9", "package" : "eap8-netty-0:4.1.127-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17298", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9", "package" : "eap8-netty-transport-native-epoll-0:4.1.127-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17298", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9", "package" : "eap8-opensaml-0:4.3.2-2.redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17298", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9", "package" : "eap8-wildfly-0:8.1.0-55.GA_redhat_00016.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17298", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9", "package" : "eap8-wss4j-0:3.0.4-1.redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9", "release_date" : "2025-10-02T00:00:00Z", "advisory" : "RHSA-2025:17298", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9", "package" : "eap8-xml-security-0:3.0.5-1.redhat_00001.1.el9eap" }, { "product_name" : "Streams for Apache Kafka 2.9.2", "release_date" : "2025-09-11T00:00:00Z", "advisory" : "RHSA-2025:15697", "cpe" : "cpe:/a:redhat:amq_streams:2.9::el9", "package" : "netty-codec-http2" }, { "product_name" : "Streams for Apache Kafka 3.0.1", "release_date" : "2025-09-22T00:00:00Z", "advisory" : "RHSA-2025:16407", "cpe" : "cpe:/a:redhat:amq_streams:3.0::el9" }, { "product_name" : "Streams for Apache Kafka 3.1.0", "release_date" : "2025-12-16T00:00:00Z", "advisory" : "RHSA-2025:23417", "cpe" : "cpe:/a:redhat:amq_streams:3.1::el9", "package" : "netty-codec-http2" }, { "product_name" : "Red Hat OpenShift AI 2.24", "release_date" : "2025-10-07T00:00:00Z", "advisory" : "RHSA-2025:17501", "cpe" : "cpe:/a:redhat:openshift_ai:2.24::el9", "package" : "rhoai/odh-modelmesh-rhel9:sha256:92629b1462ca2ed121dd2f3069a005d78e00e1344d330d6a8710f53ec58b74b8" }, { "product_name" : "Red Hat OpenShift AI 2.25", "release_date" : "2025-10-22T00:00:00Z", "advisory" : "RHSA-2025:18989", "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9", "package" : "rhoai/odh-modelmesh-rhel9:sha256:923a9b67ee2dc4f972c82d4e21e71243f92900d4757785fb7b42ccf3f09ecfd8" }, { "product_name" : "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24", "release_date" : "2025-10-23T00:00:00Z", "advisory" : "RHSA-2025:19094", "cpe" : "cpe:/a:redhat:openshift_devspaces:3.24::el9", "package" : "devspaces/pluginregistry-rhel9:sha256:080273ea4bc751a33eb7451aab099b40eab46ca2b90685e661f478e45c962b71" }, { "product_name" : "Red Hat OpenShift Dev Spaces (RHOSDS) 3.24", "release_date" : "2025-10-23T00:00:00Z", "advisory" : "RHSA-2025:19094", "cpe" : "cpe:/a:redhat:openshift_devspaces:3.24::el9", "package" : "devspaces/server-rhel9:sha256:053a878beb49fce4487d96d122f3e294ab7142a6dec81367c08ccf86598318b1" } ], "package_state" : [ { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Affected", "package_name" : "netty-codec-http2", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-ekb-dispatcher-rhel8", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-ekb-kafka-controller-rhel8", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-ekb-post-install-rhel8", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-ekb-receiver-rhel8", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-ekb-webhook-kafka-rhel8", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-eventing-integrations-aws-ddb-streams-source-rhel8", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-eventing-integrations-aws-s3-sink-rhel8", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-eventing-integrations-aws-s3-source-rhel8", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-eventing-integrations-aws-sns-sink-rhel8", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-eventing-integrations-aws-sqs-sink-rhel8", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-eventing-integrations-aws-sqs-source-rhel8", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-eventing-integrations-log-sink-rhel8", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-eventing-integrations-timer-source-rhel8", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-eventing-integrations-transform-jsonata-rhel8", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "Red Hat AMQ Broker 7", "fix_state" : "Will not fix", "package_name" : "netty-codec-http2", "cpe" : "cpe:/a:redhat:amq_broker:7" }, { "product_name" : "Red Hat AMQ Clients", "fix_state" : "Not affected", "package_name" : "netty-codec-http2", "cpe" : "cpe:/a:redhat:amq_clients:2023" }, { "product_name" : "Red Hat build of Apache Camel 4 for Quarkus 3", "fix_state" : "Affected", "package_name" : "netty-codec-http2", "cpe" : "cpe:/a:redhat:camel_quarkus:3" }, { "product_name" : "Red Hat build of Apache Camel - HawtIO 4", "fix_state" : "Affected", "package_name" : "netty-codec-http2", "cpe" : "cpe:/a:redhat:apache_camel_hawtio:4" }, { "product_name" : "Red Hat build of Apicurio Registry 2", "fix_state" : "Affected", "package_name" : "netty-codec-http2", "cpe" : "cpe:/a:redhat:service_registry:2" }, { "product_name" : "Red Hat build of Apicurio Registry 3", "fix_state" : "Affected", "package_name" : "netty-codec-http2", "cpe" : "cpe:/a:redhat:apicurio_registry:3" }, { "product_name" : "Red Hat build of Debezium 2", "fix_state" : "Will not fix", "package_name" : "netty-codec-http2", "cpe" : "cpe:/a:redhat:debezium:2" }, { "product_name" : "Red Hat build of Debezium 3", "fix_state" : "Will not fix", "package_name" : "netty-codec-http2", "cpe" : "cpe:/a:redhat:debezium:3" }, { "product_name" : "Red Hat build of OptaPlanner 8", "fix_state" : "Will not fix", "package_name" : "netty-codec-http2", "cpe" : "cpe:/a:redhat:optaplanner:::el6" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Will not fix", "package_name" : "netty-codec-http2", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Will not fix", "package_name" : "netty-codec-http2", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-modelmesh-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-trustyai-service-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-trustyai-service-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Affected", "package_name" : "netty-codec-http2", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Single Sign-On 7", "fix_state" : "Affected", "package_name" : "netty-codec-http2", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-55163\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-55163\nhttps://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4\nhttps://kb.cert.org/vuls/id/767506" ], "name" : "CVE-2025-55163", "mitigation" : { "value" : "No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.", "lang" : "en:us" }, "csaw" : false }